My Lovely AI Breach Exposes 106K User Prompts
In April 2026, the NSFW AI girlfriend platform My Lovely AI suffered a data breach that exposed over 100k users. The data included user-created prompts and links to the resulting AI-generated images, along with a small number of Discord and X usernames.
Overview
In April 2026, the NSFW AI companion platform My Lovely AI suffered a data breach impacting 106,271 user accounts. The breach exposed sensitive user-generated content, moving beyond basic login credentials to reveal intimate user interactions with the AI service. This incident was confirmed and reported to the breach notification service Have I Been Pwned.
What Was Exposed
The compromised data is particularly sensitive due to the platform’s nature. Exposed information includes:
- Usernames and Names: Basic account identifiers.
- User-Created Prompts: The private text inputs and requests users submitted to generate AI companion interactions and images.
- Links to AI-Generated Images: Direct URLs to the resulting NSFW images created by the AI.
- A Small Number of Discord and X Usernames: For some users, their social media handles were also linked and exposed.
Potential Impact
The exposure of prompts and image links creates significant privacy and safety risks that differ from a standard password leak.
- Extortion and Blackmail: Malicious actors could use the intimate nature of the exposed prompts and image links to threaten or extort users.
- Profiling and Targeted Harassment: The data could be used to build detailed profiles for targeted phishing, doxxing, or harassment on other platforms, especially where Discord or X usernames were linked.
- Embarrassment and Reputational Harm: The public or private revelation of this data could cause severe personal and professional embarrassment.
- Credential Stuffing: While passwords were not reported in this breach, exposed usernames/emails could be used in credential stuffing attacks on other websites.
Recommendations
Affected users should take immediate action to protect their privacy and security.
- Assume Your Data is Public: Operate under the assumption that your prompts and any associated image links are now in the wild. Do not engage with anyone who contacts you claiming to have this data.
- Change Your My Lovely AI Password: If you reused your My Lovely AI password on any other site, change it on those sites immediately. Use a strong, unique password for every online account.
- Be Vigilant for Phishing: Be extremely cautious of any emails, Discord messages, or social media DMs that reference My Lovely AI, your prompts, or seem to know intimate details. Do not click on links or provide any information.
- Review Linked Accounts: If you used a Discord or X username on the platform, review the privacy and security settings on those accounts. Enable two-factor authentication.
How to Check If You’re Affected
You can check if your data was compromised in this breach by visiting the Have I Been Pwned website. Go to haveibeenpwned.com and enter your email address into the search bar. The service will tell you if your email was found in the My Lovely AI breach dataset. You can also view the specific breach entry at https://haveibeenpwned.com/Breach/MyLovelyAI.
Security Insight
This breach highlights the unique data liability of platforms handling deeply personal and intimate user-generated content. Unlike a retailer losing credit card numbers, the exposure of private prompts represents a fundamental breach of user trust and contextual integrity. Companies in the personal AI and adult content space must implement security controls that reflect the severe personal harm this data can cause, a lesson often underscored in broader cybersecurity news. Failing to do so treats sensitive psychological data with the same protection level as a shopping list.