Over 3M allegedly impacted by Cal AI app breach

Widely used AI-powered calorie tracking app Cal AI was purportedly breached by the threat actor "vibecodelegend," who leaked data from more than 3 million of the app's users allegedly obtained from a misconfigured Google Firebase instance, Cybernews reports.

Included in the 14.59 GB data trove were eight files detailing users' full names, dates of birth, gender, height and weight records, goals and macronutrient targets, settings, subscription details, and transaction IDs, among others.

"The most sensitive information appears to be the contact information. Together with other details, it can be used to craft detailed user profiles for targeted social engineering attacks," according to Cybernews researchers.

While Cal AI has not yet confirmed the incident, analysis suggests the legitimacy of the leaked dataset, noted researchers, who also noted that the account used to post the breach appeared to be new. Such a development comes after Cal AI, which gained popularity following a sponsorship deal with YouTuber MrBeast, was acquired by MyFitnessPal.