EcoGPT Allegedly Exposed Through Unauthenticated Supabase Database Access

A threat actor claims EcoGPT exposed more than 20,000 shared AI conversations after an allegedly misconfigured Supabase database allowed unauthenticated access.
Screenshot of a forum post alleging an EcoGPT data breach, claiming unauthenticated access to a Supabase database exposed shared AI conversations affecting more than 13,000 users, with sample records blurred.
Forum post alleging an EcoGPT data exposure through unauthenticated Supabase database access. The threat actor claims to have extracted more than 20,000 shared conversation records affecting approximately 13,255 users. BreachNews has blurred sample data and has not independently verified the claims.

A threat actor has claimed to have extracted thousands of shared AI conversations from EcoGPT after allegedly discovering an unauthenticated database accessible through the company’s Supabase backend. The claims have not been independently verified by BreachNews.

Alleged database exposed through misconfigured backend

According to a forum post published July 12, the threat actor claims EcoGPT’s frontend exposed its Supabase project configuration, which is expected behavior for client-side applications. However, the actor alleges that one database table containing shared conversations could be queried without authentication due to improperly configured access controls.

The actor claims this allowed them to dump the platform’s shared_conversations table without obtaining valid user credentials or exploiting a software vulnerability.

More than 13,000 users allegedly affected

The alleged leak reportedly contains two files totaling approximately 160 MB. According to the forum post, the dataset includes more than 20,000 shared conversation records involving approximately 13,255 unique users.

The purported data includes conversation titles, timestamps, user identifiers, original conversation IDs, and complete shared chat histories. While the actor stated they were unable to locate a broader user database, the exposed conversations could still contain sensitive information voluntarily entered into the AI platform by users.

BreachNews has reviewed screenshots accompanying the claim but has not independently verified the authenticity or completeness of the alleged dataset.

AI platforms continue to face data exposure risks

The incident highlights the growing security challenges facing AI services built on cloud backend platforms such as Supabase, where improperly configured row-level security policies or database permissions can unintentionally expose application data.

Unlike breaches involving stolen credentials or malware, these incidents often stem from backend configuration errors that allow unauthorized users to directly query application databases.

BreachNews recently reported on the alleged Darsa AI breach, where a threat actor claimed to have obtained internal source code, credentials, and proprietary company data, underscoring the continued interest cybercriminals have in AI platforms.

Company has not publicly addressed the claim

At the time of publication, EcoGPT had not issued any public statement regarding the alleged exposure or whether an investigation is underway.

If confirmed, the incident would serve as another reminder that shared AI conversations may contain sensitive personal, business, or proprietary information, making backend access controls a critical component of AI platform security.

X
LinkedIn
Reddit
Telegram
WhatsApp
Threads
Facebook
Email
Print
Picture of m00s3c

m00s3c

Moose (@m00s3c) is the author of BreachNews, focusing on data breach intelligence, dark web monitoring, and threat analysis. His work involves analyzing breach claims, reviewing leaked datasets, and tracking threat actor activity to provide clear, factual reporting.

Latest News

Newsletter signup

Get the latest data breach and security news.

Please wait...

Thank you for signing up!

BREACHNEWS.COM/SUPPORT/

Support Independent News.

Help support breach monitoring, investigations, infrastructure, and reporting.

Support the site
INTEL.BREACHNEWS.COM

Live Cyber
Threat Map

Explore live cyber activity, recent breach reports, KEV alerts, and public threat feeds from a single interactive dashboard.

Launch Threat Map