Dark Web News Analysis
Cybersecurity intelligence from February 2026 has confirmed two catastrophic data exposures involving artificial intelligence services. Rather than sophisticated hacking campaigns, both incidents stem from fundamental cloud security misconfigurations that left highly sensitive data accessible to the public internet.
Incident 1: IDMerit KYC Database Exposure
An unprotected MongoDB instance belonging to IDMerit, a global AI-powered digital identity verification provider, exposed a staggering 1 billion personal records (totaling nearly 1TB of data). The dataset spanned individuals from 26 countries, heavily impacting the U.S. with over 203 million exposed records. The leaked Know Your Customer (KYC) data included:
- Government Identifiers: National IDs.
- Personally Identifiable Information (PII): Full names, physical addresses, dates of birth, and genders.
- Contact & Metadata: Phone numbers, email addresses, and telco metadata.
Incident 2: Codeway AI Video App Leak
Simultaneously, researchers identified a misconfigured Google Cloud Storage bucket tied to the Android app “Video AI Art Generator & Maker,” developed by Codeway. The open server exposed approximately 8.27 million media files, including:
- Private User Uploads: Over 1.57 million original user images and 385,000 personal videos.
- AI-Generated Media: Millions of AI-altered videos, images, and audio files.
Key Cybersecurity Insights
The simultaneous exposure of biometric media and deep KYC data represents a “Tier 1” threat for global identity security:
- The Irony of KYC Vulnerabilities: Services like IDMerit are designed specifically to prevent fraud and financial terrorism. When these third-party identity vendors fail to secure their own databases, they become massive, centralized single points of failure, providing attackers with the exact “Fullz” profiles needed to bypass institutional security.
- Biometric and Visual Exploitation: The exposure of nearly 2 million original, private photos and videos is a severe privacy violation. This visual data can be scraped by malicious actors to create highly convincing “deepfakes” for extortion, targeted harassment, or bypassing biometric facial recognition systems.
- The “Cloud Misconfiguration” Epidemic: Neither of these breaches required a sophisticated zero-day exploit. They were the result of basic administrative failures—an unsecured MongoDB database and an open Google Cloud bucket. This highlights a dangerous trend where AI developers prioritize rapid deployment over fundamental security hygiene.
- Industrialized Synthetic Fraud: With access to national IDs, names, and telco metadata from the IDMerit leak, cybercriminals possess the complete toolkit required to execute large-scale synthetic identity fraud, SIM swapping, and hyper-targeted spear-phishing.
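The two misconfiguration classes named above can be checked for mechanically. The following is an added example, not code from the original post or from either vendor: it flags public principals in a bucket IAM policy (the JSON shape returned by `gcloud storage buckets get-iam-policy --format=json`) and a `mongod.conf`, already parsed into a dict, that accepts unauthenticated remote clients. The post does not say which settings were wrong in either incident; the conditions checked and all sample inputs are assumptions constructed for illustration.

```python
import json

# Principals that make a Google Cloud Storage IAM binding public.
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}

def public_bucket_bindings(policy_json):
    """Return (role, member) pairs in a bucket IAM policy that grant public access."""
    policy = json.loads(policy_json)
    return [
        (binding.get("role", ""), member)
        for binding in policy.get("bindings", [])
        for member in binding.get("members", [])
        if member in PUBLIC_MEMBERS
    ]

def mongod_findings(conf):
    """Flag a parsed mongod.conf (dict) that accepts unauthenticated remote clients."""
    findings = []
    security = conf.get("security") or {}
    if security.get("authorization", "disabled") != "enabled":
        findings.append("security.authorization is not enabled")
    net = conf.get("net") or {}
    addrs = {a.strip() for a in str(net.get("bindIp", "localhost")).split(",")}
    if net.get("bindIpAll") or addrs & {"0.0.0.0", "::"}:
        findings.append("mongod listens on all interfaces")
    return findings

# Constructed sample inputs, not data from either incident.
OPEN_POLICY = json.dumps({"bindings": [
    {"role": "roles/storage.objectViewer", "members": ["allUsers"]},
    {"role": "roles/storage.admin", "members": ["user:ops@example.com"]},
]})
LOCKED_POLICY = json.dumps({"bindings": [
    {"role": "roles/storage.objectViewer",
     "members": ["serviceAccount:app@example-project.iam.gserviceaccount.com"]},
]})
OPEN_MONGOD = {"net": {"port": 27017, "bindIp": "0.0.0.0"}}
LOCKED_MONGOD = {"net": {"port": 27017, "bindIp": "127.0.0.1,10.0.0.5"},
                 "security": {"authorization": "enabled"}}

if __name__ == "__main__":
    print(public_bucket_bindings(OPEN_POLICY))
    print(mongod_findings(OPEN_MONGOD))
    print(public_bucket_bindings(LOCKED_POLICY), mongod_findings(LOCKED_MONGOD))
```

An empty result from both functions means neither condition was found; it does not cover other exposure paths such as legacy object ACLs or firewall rules.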
Mitigation Strategies
To protect your digital identity and ensure your organization’s resilience against third-party AI risks, the following strategies are urgently recommended:
- Aggressive Identity and Credit Monitoring: Individuals should immediately review their credit reports for unauthorized accounts and utilize identity theft monitoring services to detect if their National IDs or SSNs are being abused.
- Audit App Permissions and Cloud Hygiene: Users must regularly audit the permissions granted to third-party AI editing apps. Avoid uploading highly sensitive or identifiable media to cloud-based processing tools that lack clear, end-to-end encryption guarantees.
- Enforce Phishing-Resistant MFA: Move beyond standard passwords and SMS-based verification. Implement Passkeys or hardware security keys across all critical accounts to neutralize the threat of credential stuffing and SIM swapping fueled by these massive data leaks.
- Third-Party Vendor Risk Assessments: Organizations utilizing AI-powered KYC or identity verification services must strictly audit their vendors’ data retention and cloud security policies (e.g., SOC 2 compliance) to prevent supply chain data exposures.
Secure Your Future with Brinztech — Global Cybersecurity Solutions
From AI startups and tech developers to global financial institutions, Brinztech provides the strategic oversight necessary to defend against evolving digital threats. We offer expert consultancy to audit your current IT policies, secure your cloud storage environments, and fortify your GRC frameworks, identifying critical misconfigurations before they can be exploited. Whether you are protecting an AI infrastructure or your customers’ sensitive biometric data, we ensure your security posture translates into lasting technical resilience—keeping your digital footprint secure, your assets private, and your future protected.
Questions or Feedback? For expert advice, use our ‘Ask an Analyst’ feature. Brinztech does not warrant the validity of external claims. For general inquiries or to report this post, please email us: contact@brinztech.com