Headero dating app leaks data exposing 4 million user records
Headero, a popular hookup application, has been found to be leaking customer data. Headero is a platform and mobile app operated by a company called ThotExperiment that offers to connect users for intimate encounters and alternative dating experiences.
Cybernews researchers uncovered a MongoDB database left exposed to the internet without proper authentication. The database contained over four million private records, exposing explicit chat logs, group messages, detailed profile information, and precise GPS locations.
The app developers informed researchers that the unprotected instance was a test database; however, Cybernews analysis indicates that it likely contained actual user data rather than test information.
The leak exposed over 4.4 million records across multiple categories, with 352,081 individual user records, 3,032,001 chat records, and 1,096,904 chat room records compromised. The exposed information included highly sensitive personal details that could be used for identity theft, blackmail, or targeted harassment campaigns against vulnerable individuals. Exposed data includes:
- Names
- Email addresses
- Social login IDs
- JWT authentication tokens
- Profile pictures
- Device tokens
- Exact GPS locations
- Sexual preferences
- STD status disclosures
After Cybernews reported the exposure, ThotExperiment secured access to the compromised user data. It's not clear whether any malicious actors accessed the exposed information before the database was secured.
The exposure highlights the particular vulnerabilities faced by users of alternative and queer dating applications, where privacy and anonymity are often critical for personal safety.