An unsecured AI image generator database exposed more than 1 million images and videos online, according to research reviewed by WIRED. Security researcher Jeremiah Fowler said the material was largely adult content, with some files appearing to involve children or the faces of children placed onto nude adult bodies.
The database was connected in Fowler’s research to websites including MagicEdit and DreamPal. The incident shows how quickly AI image tools can become a safety risk when generated media, uploaded photos, and edited outputs are stored without proper protection.
What the exposed database contained
Fowler said the exposed database held 1,099,985 records. He described the contents as “nearly all” pornographic in nature and said it was made up of images and videos, with no other file types observed.
According to Fowler, the “overwhelming majority” of the files involved nudity and were “depicted adult content.” Some appeared to be entirely AI-created, including anime-style imagery. Others were described as “hyperrealistic” and appeared to be based on real people.
That distinction matters because some files reportedly included unaltered photos of real people. Fowler said those images may have been used to create nonconsensual nude edits or face swaps involving naked bodies.
At the time he found the exposure in October, Fowler said around 10,000 new images were being added to the database every day. It is unclear how long the database had been accessible online.
Why the consent issue is central
The most serious concern is not simply that explicit media was stored insecurely. It is that AI image generation and editing tools can be used to create sexual images of people who never agreed to participate.
Fowler framed the issue around victims rather than the technology itself. “The real issue is just innocent people, and especially underage people, having their images used without their consent to make sexual content,” he said.
The source article places the database in a wider pattern of AI tools being used for malicious explicit imagery. It describes an ecosystem of “nudify” services used by millions of people and making millions of dollars per year. Those services use AI to make it appear that people, almost entirely women, are unclothed in photos.
The article also notes reports of criminals using AI to create child sexual abuse material, covering a range of indecent images involving children, have doubled over the past year.
The companies’ responses
A spokesperson for DreamX, which operates MagicEdit and DreamPal, told WIRED: “We take these concerns extremely seriously.” The spokesperson said SocialBook, an influencer marketing firm linked to the database, is run “by a separate legal entity and is not involved” in operating the other sites.
The DreamX spokesperson said the entities have “some historical relationships through founders and legacy assets” but operate independently with separate product lines. SocialBook also denied involvement.
“SocialBook is not connected to the database you referenced, does not use this storage, and was not involved in its operation or management at any time,” a SocialBook spokesperson tells WIRED.
Fowler’s report said the database indicated a link to SocialBook and included images with a SocialBook watermark. WIRED also reported that multiple SocialBook website pages that previously mentioned MagicEdit or DreamPal now return error pages.
DreamX said the bucket contained a mix of legacy assets, primarily from MagicEdit and DreamPal, and that SocialBook does not use it for operational infrastructure. The DreamX spokesperson also said “no operational systems were compromised.”
What happened after the report
After Fowler contacted the AI-image-generator firm, the DreamX spokesperson said access to the database was closed. The company also launched an “internal investigation with external legal counsel” and “suspended access to our products pending the investigation’s outcome.”
At the time of writing in the source article, the DreamPal website was unavailable and returned a 502 error. MagicEdit displayed the message: “We are temporarily suspending certain features of the product.” The same message also said: “During this period, the service may be unavailable.”
MagicEdit and DreamPal had been listed as owned by BoostInsider on Apple’s iOS App Store. MagicEdit, DreamPal, and two other AI apps listed by BoostInsider were no longer available on the App Store. A DreamX spokesperson said Boostinsider is a “defunct entity” and that the company “temporarily removed” the apps as part of restructuring and while “strengthening our content-moderation framework.”
The apps did not appear on Google’s Play Store. The source article says a Google community “expert” account had previously replied to a BoostInsider account that asked why two apps, including MagicEdit, were suspended, saying the apps included “sexually explicit content” or nudity. Google confirmed the apps had been suspended due to policy violations, and Apple said the apps had been removed from the App Store.
The larger lesson for AI image tools
The exposed database combines several risks in one case: explicit AI-generated content, possible use of real people’s photos, potential underage imagery, and open access to stored files. Each risk becomes more serious when a service is adding large volumes of media every day.
MagicEdit’s website, while online, did not appear to explicitly say it could be used to create adult explicit images. But Fowler wrote that its Apple App Store rating was listed as 18+. The site also showed an AI-generated image of a woman in a dress changing to a bikini and listed tools including “text to video,” video background removers, a “magic eraser,” face swapping, image expansion with AI, and an “AI Clothes” tool.
Fowler reported the exposed database to the US National Center for Missing and Exploited Children. A spokesperson for the center said it reviews all information its CyberTipline receives but does not disclose information about “specific tips received.”
For AI image generator companies, the case points to a basic reality: moderation, storage, and access control are not separate from product safety. When a tool can generate or alter intimate imagery, the way it stores outputs becomes part of the harm equation.