Niche dating apps leaking 845 GB user data

[German]It's a huge data leak caused by niche dating apps. Security researchers have found out that the apps provide user data publicly on the Internet – we are talking about 845 GB.


Advertising

I have already had the information for a few days. Security researchers from vpnMentor, led by Noam Rotem and Ran Locar, have discovered this data leak. A collection of apps is responsible for collecting the data. The applications are designed for people with alternative lifestyles and special preferences, such as cougars, queer dating, fetishes and group sex. At least one app was dedicated to people with venereal diseases like herpes. Here are the names of various apps:

Based on the research of security researchers, the applications have a common developer. As a result, the user data from each application was stored on a single Amazon Web Services (AWS) account. And this 845 GB data collection was accessible via the Internet without protection.

Hundreds of thousands, if not millions of users of more than eight dating apps are affected. The data leak includes over 20 million files created by these apps. Although the security researchers did not find names and email addresses in the files, they did find photos of faces and very intimate information about the app users. The researchers have found the following data:

  • Pictures and photos
  • Voice messages and audio recordings

Among the pictures and photos of users, the S3 buckets also contained screenshots that revealed a large amount of sensitive information. These included:

  • Private chats between users
  • supporting documents for financial transactions between users
  • Thank you messages to Sugar Daddies

The S3 buckets did not contain PII (Personally Identifiable Information) data. However, these can often be determined directly and indirectly from media files. Here are examples:


Advertising

  • Photos with visible faces
  • Names of the users
  • Personal details
  • Financial data

Security researchers estimate that there are at least 100,000, if not millions of users affected. The data is stored in the USA and other countries. The open AWS S3 bucket was discovered on 24 May 2020, the developer 3somes was contacted on 26 May 2020 and replied on 27 May. At the same time the data leak was closed on 27 May 2020. Further details can be read in this article.


Cookies helps to fund this blog: Cookie settings
Advertising


This entry was posted in Security and tagged , . Bookmark the permalink.

Leave a Reply

Your email address will not be published.