AI Girlfriend Platform MyLovely.AI Exposes 113k NSFW Prompts Linked to User IDs
What Happened — MyLovely.AI, a subscription‑based AI‑girlfriend service, suffered a data breach that released over 100k user records, including email addresses, subscription details, and 113k explicit prompts. Nearly 70k of those prompts are directly tied to individual user IDs, making the leak highly personal.
Why It Matters for TPRM —
- Sensitive personal data (NSFW prompts, IDs) can be weaponized for sextortion, raising reputational and legal risk for any organization that integrates or recommends the service.
- The breach reveals inadequate data segregation and protection controls on a SaaS platform handling intimate user content.
- Third‑party risk programs must reassess any contracts with AI‑driven consumer‑facing services that process highly personal information.
Who Is Affected — Consumer‑facing SaaS platforms, AI‑content providers, and any enterprise that has integrated MyLovely.AI APIs or allowed employee use of the service.
Recommended Actions —
- Review any existing contracts or data‑sharing agreements with MyLovely.AI.
- Verify that the vendor has implemented encryption at rest, strict access controls, and robust data‑retention policies.
- Consider terminating or restricting use of the platform until remediation is confirmed.
Technical Notes — The attack vector is unknown; no specific CVE or vulnerability was disclosed. Exfiltrated data includes email addresses, user‑generated prompts, image URLs, Discord/X handles, subscription metadata, and moderation logs. Source: https://www.helpnetsecurity.com/2026/04/09/mylovely-ai-data-breach-user-conversations/