IT researchers at WizCase detected privacy breaches and data leaks on dating apps in East Asia and the US. The exposed user data included sensitive information such as names, profiles, private messages, phone numbers and billing addresses. Database misconfigurations at the 5 dating apps led to the exposure of user data. Millions of profiles were leaked, and the AWS buckets, Elasticsearch servers and MongoDB databases used to host those websites had been exposed to the public without authentication or password protection.
The sites and apps involved were Charin and Kyuun, YESTIKI, Kongdaq/Congdaq, Blurry and CatholicSingles.
YESTIKI
This US dating app leaked user data in a breach, including the phone numbers, real names and activity logs of users. 4300 records totaling 325MB were leaked through a MongoDB server.
CatholicSingles
Very sensitive user information was breached, including age, payment methods, phone numbers, education, occupation, billing addresses, internet activity and physical activities.
Charin and Kyuun
The Elasticsearch server used by the Charin and Kyuun dating applications in Japan leaked 102,000,000 customer records, which included sensitive user data such as personal preferences, email addresses, mobile device information IDs and cleartext passwords.
Kongdaq/Congdaq
This South Korean application exposed 123,000 user records through its Elasticsearch server. The exposed data included sensitive fields such as user gender, GPS location, date of birth and cleartext passwords.
Blurry
The Elasticsearch server led to a breach of 70,000 user data records on the Korean Blurry app.
WizCase believes that those data breaches could have been carried out through a process of collecting and storing information given by users, known as "web scraping".
Exposed data poses a serious threat when it is used by malicious individuals, who can commit harassment, blackmail, identity theft and even stalking.
To keep your data safe, use complex passwords, give as little information as possible on dating apps and websites, avoid using one password for all your accounts, and be careful about the information you give out on websites and applications.