A hacker utilizing the alias “vibecodelegend” is claiming accountability for breaching Cal AI, a smartphone software that makes use of synthetic intelligence to trace energy and dietary data. The alleged breach was introduced on Monday, March 9, 2026, by a submit on the cybercrime market BreachForums.
Cal AI has grown quickly in recognition resulting from its use of synthetic intelligence to assist customers observe energy by analyzing meals pictures and dietary data. The platform just lately attracted additional consideration after buying the broadly used health app MyFitnessPal, increasing its presence within the well being and vitamin monitoring market.
It’s value noting that MyFitnessPal itself suffered a large information breach again in March 2018 when the platform’s earlier proprietor, Underneath Armour, revealed that hackers stole private particulars of over 150 million customers.
As for the Cal AI information breach claims, within the discussion board submit, the person claimed to have obtained and leaked 12 GB of non-public information belonging to greater than 3 million customers of the favored well being and health app. In line with the hacker, the leaked dataset incorporates a variety of non-public and behavioral data collected by the app. The uncovered information allegedly contains dates of start, names, genders, usernames, social media profiles, PIN codes, subscription particulars, and bodily attributes corresponding to peak and weight.
The attacker additionally claims the database incorporates over 2.8 million distinctive electronic mail addresses, almost 1.2 million of which use Apple’s personal relay service (@privaterelay.appleid.com), a characteristic designed to cover customers’ actual electronic mail addresses when signing up for apps.
Along with private particulars, the dataset reportedly contains meal logs and calorie monitoring data, such because the occasions customers eat and different nutrition-related information. As a result of this data exhibits customers’ consuming habits and health-related patterns, it might expose delicate life-style particulars if verified.
Is the Knowledge Genuine? Cal AI But to Reply
Hackread.com contacted Cal AI by the corporate’s press contact web page on March 9, 2026, in search of affirmation or clarification relating to the claims. Nevertheless, no response had been acquired on the time of publication.
Hackread.com additionally analysed the information shared by the hacker. Whereas the authenticity of the information and the total extent of the alleged breach haven’t been independently verified on the time of writing, our evaluation exhibits sturdy indications that the claims could also be credible. Nevertheless, Cal AI stays the one authority that may formally verify or deny the incident. If confirmed, the breach might expose a major quantity of non-public and behavioral information linked to thousands and thousands of customers.
Hackread.com can even verify that this information is now being circulated on a number of Russian-speaking platforms, in addition to on Telegram channels notorious for circulating leaked information. Subsequently, for now, customers of Cal AI are suggested to stay cautious of suspicious emails and think about altering passwords related to accounts that use the identical electronic mail deal with till the corporate confirms whether or not the breach claims are respectable.
This text shall be up to date based mostly on Cal AI’s response. Keep tuned.
