The primary app affected appears to be “419 Dating – Chat & Flirt,” but data from other apps, such as “Meet You – Local Dating App” by Enjoy Social App and “Speed Dating App For American” by MyCircle Network Corp, were also present in the database.
Cybersecurity researcher Jeremiah Fowler of VPNmentor has uncovered a major data breach that affects multiple dating applications. This breach has resulted in the exposure of a significant number of user records, raising serious concerns about user privacy and security.
Data Breach Details:
The data breach involves a total of 2.3 million records, which were found in a non-password-protected database. The primary app affected appears to be “419 Dating – Chat & Flirt,” but data from other apps, such as “Meet You – Local Dating App” by Enjoy Social App and “Speed Dating App For American” by MyCircle Network Corp, were also present in the database.
The presence of logos and development files from these apps suggests a potential connection between them, possibly indicating common ownership or development.
Exposed User Information:
The exposed database contains a vast array of user information, including customer names, account numbers, emails, and passwords. Alarmingly, it also contained 969,571 images of users, some of which were sexually explicit in nature. Furthermore, sensitive user information, such as sexual experiences and details about previous sexual encounters, were also exposed in user profiles.
Risks
According to VPNmentor’s report, the severity of the breach is further heightened by the presence of a significant number of email addresses from various providers, including Gmail, Yahoo Mail, and iCloud, within a single backup log. Moreover, the database includes records of over 500 profiles offering sexual services, along with associated phone numbers, email addresses, and social media accounts.
Software Development Kit (SDK) Files:
Another critical concern is the exposure of Software Development Kit (SDK) files, which could potentially lead to the creation of applications with hidden malicious functionalities or vulnerabilities. This poses a severe risk to users’ privacy and security.
Private Key Exposure:
One particularly alarming discovery by Jeremiah Fowler is the exposure of a private key associated with “419 Dating’s” Google API service account. A private key is a cryptographic secret, and if obtained by cybercriminals, it could grant unauthorized access to sensitive data and other resources related to the application.
Immediate Action Taken:
As soon as Jeremiah Fowler discovered the exposed database, he promptly sent a responsible disclosure notice to the Chinese company SILING APP, which developed “419 Dating – Chat & Flirt.” Consequently, the company took immediate action to secure the database, rendering the data no longer openly available.
Takeaway
The massive data breach affecting these dating apps highlights the critical need for robust cybersecurity measures to protect user information. Users are urged to be vigilant and consider changing their passwords, especially if they have used the affected dating apps. Additionally, developers must prioritize the security of their applications and databases to prevent such incidents in the future.
RELATED NEWS
- Z2U Market Leaked Access to Illicit Services and Malware
- Global Translation Service Leaked Sensitive Records Online
- 5 dating apps caught leaking millions of user-sensitive data
- Vulnerability in Bumble dating app risked data of 100m users
- Top Japanese dating app Omiai hacked; 1.71 million users at risk
- Database mess-up leaks 882GB of e-commerce, dating sites data