Cutout.pro, a web-based AI image editing tool, was caught leaking 9GB worth of user data, which included usernames and images requested by using specific queries.
The discovery was made by Cybernews, who found an open ElasticSearch instance containing 22 million log entries referencing usernames, including individual users and business accounts.
However, since log entries contained duplicates, the total number of users affected is unclear. The instance also had information on the number of user credits, a virtual in-game currency, and links to Amazon S3 buckets, where generated images were stored.