A major security breach in the AI image generation industry has exposed more than 1 million user-created images and videos, with the vast majority containing adult content and nudity. Security researcher Jeremiah Fowler discovered the unsecured database in October 2023, finding that approximately 10,000 new images were being uploaded daily to services including MagicEdit and DreamPal.
The exposed database contained disturbing content, including what appeared to be non-consensual ‘nudified’ images of real people and AI-generated explicit content featuring minors. Some images showed children’s faces superimposed onto nude adult bodies, raising serious legal and ethical concerns.
The Companies Behind the Breach
The compromised database was linked to several interconnected companies. DreamX, which operates MagicEdit and DreamPal, acknowledged the security incident. A DreamX spokesperson stated they ‘take these concerns extremely seriously’ and launched an internal investigation with external legal counsel after being notified of the exposure.
Though initially appearing connected, SocialBook (an influencer marketing firm) denied involvement, stating it ‘is not connected to the database’ and ‘does not use this storage.’ However, Fowler’s report indicated the database contained images with SocialBook watermarks, and several webpages linking SocialBook to MagicEdit or DreamPal returned error pages after the incident was reported.
Following the discovery, both MagicEdit and DreamPal websites became inaccessible, with MagicEdit displaying a message about ‘temporarily suspending certain features.’ The applications, previously available on Apple’s App Store under developer BoostInsider, have since been removed from both Apple and Google’s platforms.
The Nature of the Exposed Content
According to Fowler’s investigation, the database contained 1,099,985 records, with nearly all being pornographic in nature. The researcher noted a disturbing pattern: while some images were clearly AI-generated (including anime-style imagery), others were ‘hyperrealistic’ and appeared to be based on real people.
The exposed collection contained what Fowler described as ‘explicit, AI-generated depictions of underage individuals and, potentially, children.’ This prompted him to report the database to the US National Center for Missing and Exploited Children.
How These AI Tools Were Marketed
While MagicEdit didn’t explicitly advertise its ability to create adult content, its marketing had suggestive elements. The website featured an image of a woman whose dress changed to a bikini when processed through the AI. It offered various tools including ‘AI Clothes,’ face swapping, and image editing capabilities.
DreamPal was more explicit in its adult-oriented marketing, describing itself as an ‘AI roleplay chat’ where users could ‘create your dream AI girlfriend.’ The website contained SEO-targeted links referencing ‘AI Sexing Chat’ and ‘Talk Dirty AI,’ with an FAQ boasting about removing ‘NSFW AI chat filters that could hold you back from expressing your most intimate fantasies.’
The Growing Problem of AI Misuse
This incident highlights the expanding ecosystem of ‘nudify’ services that use AI to digitally remove clothing from photos, primarily targeting women. These services generate millions in revenue while enabling harassment and abuse. According to Fowler, this marks the third misconfigured AI image generation database he discovered in 2023 that contained non-consensual explicit imagery.
Reports of criminals using AI to create child sexual abuse material have doubled over the past year, demonstrating how quickly this technology is being weaponized for illegal purposes. Adam Dodge, founder of EndTAB (Ending Technology-Enabled Abuse), notes this reflects ‘apathy that startups feel toward trust and safety and the protection of children.’
Company Response and Aftermath
After being contacted about the security breach, DreamX claims they closed access to the exposed database and suspended their products pending investigation. The spokesperson insisted that ‘no operational systems were compromised’ and stated they ‘do not condone, support, or tolerate the creation or distribution of child sexual abuse material.’
DreamX described BoostInsider as a ‘defunct entity’ and claimed they temporarily removed their apps as ‘part of a broader restructuring’ while ‘strengthening our content-moderation framework.’ However, Google had previously suspended MagicEdit for violating policies regarding ‘sexually explicit content,’ suggesting ongoing issues with content moderation.
The incident underscores the urgent need for stronger regulation and oversight of AI image generation tools that can easily be misused for creating explicit content without consent. As Fowler notes, companies ‘have to have some form of moderation that even goes beyond AI’ rather than relying on users to police themselves.