Dating Apps Expose PII and Photos of through unprotected database
Take action: It's no comfort that the company secured the exposed database after it was publicly accessible for an unknown amount of time exposing massive amounts of sensitive personal information.
Learn More
Cybersecurity researchers are reporting a massive data breach impacting several dating applications. The breach exposed a staggering number of user records, raising serious concerns about how dating apps treat user security.
- What happened and Which Apps are Impacted?
The data breach encompassed 2.3 million records, all stored in a non-password-protected database. The primary app directly affected by the breach is "419 Dating – Chat & Flirt." However, the database also contained data from other apps like "Meet You – Local Dating App" developed by Enjoy Social App and "Speed Dating App For American" by MyCircle Network Corp. The presence of shared logos and development files among these apps indicates a possible connection between them, suggesting common ownership or development.
- PII data Exposed?
The breach exposed a vast array of sensitive user information, including
- customer names,
- account numbers,
- email addresses,
- passwords,
- 969,571 images of users, some sexually explicit,
- user profiles revealing intimate details about sexual experiences and past encounters.
All this leaves users vulnerable to potential blackmail or exploitation.
- Email Addresses and Sexual Services:
Numerous email addresses from various providers like Gmail, Yahoo Mail, and iCloud, were discovered within a single backup log. Additionally, the database included records of more than 500 profiles offering sexual services, complete with associated phone numbers, email addresses, and social media accounts, putting these individuals at significant risk.
- Software Development Kit (SDK) Files:
Software Development Kit (SDK) files added another layer of concern. These files could be exploited by cybercriminals to create applications with hidden malicious functionalities or vulnerabilities, posing a severe threat to user privacy and security.
- Private Key Exposure
One of the most troubling discoveries was the exposure of a private key linked to the Google API service account of "419 Dating." This private key, if obtained by malicious actors, could grant unauthorized access to sensitive data and resources related to the application, potentially leading to further breaches or misuse of data.
Upon discovering the exposed database, the security researcher notified the Chinese company SILING APP, responsible for developing "419 Dating – Chat & Flirt." Subsequently, the company took action to secure the database, making the data no longer openly accessible.
