MyLovely.AI, an AI “artwork” generation platform, has reportedly been compromised, affecting 106,362 registered users.
The AI girlfriend app allows users to generate personalized NSFW content and engage in real-time conversations with AI-generated personas, often sharing highly personal prompts and interactions.
MyLovely.AI suffered a leak of a 2.1 GB JSON database with records from April 2026 that exposed users’ emails, user IDs, account creation dates, subscription tiers, social profile metadata, explicit images and videos, gallery and community items with direct URLs, and the exact prompts users submitted to generate NSFW content.
The database was posted on a dark web forum, exposing highly sensitive interactions between users and the AI service. Because the leak includes both identifiable information and explicit content, it effectively deanonymizes users’ activity, including highly sensitive sexual content and fantasies.
Two datasets containing 113,000 explicit NSFW prompts were included in the breach, with nearly 70,000 directly tied to unique user IDs. In practice, this means deeply personal requests and interactions can be linked back to individual users.
MyLovely.AI users should expect doxxing and sextortion attempts as a result of the leaked information. Cybercriminals can correlate identifiers— such as email addresses, social media handles, and explicit prompts or images—to real‑world identities, which can be particularly damaging.
See if your personal data has been exposed.
Stay safe
This is yet another data breach affecting an AI girlfriend service. Developers tend to rush these emerging platforms into existence because they are popular and profitable. Unfortunately, that often comes at the expense of security and privacy. Here are some things to bear in mind:
- Don’t trust AI platforms that promise privacy and encryption just because they say so.
- Don’t log in with your Google/Facebook/Microsoft credentials or by using your regular email address or phone number.
- Remember that anything you put online, including a service that promises privacy, carries the risk of becoming public.
Despite what users my think when engaging with a chatbot, these conversations should never be considered private. For particularly sensitive use cases (health, sexuality, legal issues), consider services that explicitly commit not to retain or train on conversations.
If you want to find out what personal data of yours has been exposed online, you can use our free Digital Footprint scan. Fill in the email address you’re curious about and get an instant report.
What do cybercriminals know about you?
Use Malwarebytes’ free Digital Footprint scan to see whether your personal information has been exposed online.