Mailfire data leak reveals data from adult sites

[German]There is once again a data leak to report, but it is likely to be minor for those affected – because security researchers have discovered the data leak. The marketing company Mailfire acting on Cyprus revealed data of over 70 eCommerce and adult sides.


Advertising

Security researchers from vpnmentor informed me about their new discovered. It concerns Mailfire, an email marketing platform and company used by various customers. The data leak revealed customer data from the sites in question. The provider has a larger customer base (see the following screenshot). 

Mailfire affiliates

Screenshot Mailfire homepage – Sep 3, 2020

According to Catalin Cimpanu, a cyber security expert who was provided with the vpnmentor report in advance, among the affected dating sites were Kismia, JollyRomance, Asia Charm and many others.

The Mailfire Data Leak

On an unsecured ElasticSearch server were logs of notifications sent by site owners to their users via Mailfire’s user software. The primary purpose of the notifications was to inform users of the dating sites of new potential matches. At the beginning of the investigation, the data leak included 882.1 GB (approximately 320 million records) of data from the last four days, including personal user information such as full names, age, date of birth, gender, email addresses and many others, as well as private messages. These included:


Advertising

  • Full names
  • Age and date of birth
  • Gender
  • E-mail addresses
  • User locations
  • IP addresses
  • Profile pictures uploaded by users
  • Profile Organic Descriptions

In addition to this personal information, the data leak also included messages exchanged between users on affected dating sites. During the investigation, vpnmentor security researchers found that some of these adult dating sites appeared to be fraudulent. The intention was probably to bait potential customers with fake profiles. Here is the timeline:

  • Data leak discovered: August 31, 2020
  • Reply received from Mailfire: September 3, 2020
  • Server secured: September 3, 2020
  • Customer company informed: September 4, 2020

If such personal data falls into the wrong hands, it potentially opens the door to phishers and fraudsters. The case is likely to be relevant to the DSGVO, as Mailfire is based in Cyprus and operates worldwide. Further details can be found in the vpnmentor report.


Advertising


This entry was posted in Security and tagged , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *