Cyber security news for all

More

    User-sensitive Data Leaked by 5 Dating Apps

    At WizCase, IT researchers detected privacy breaches and data leaks on dating apps in East Asia and US. Some user data that was found to be exposed included sensitive information of users; like their names, profiles, private messages, phone numbers and billing addresses. Misconfigurations on the database of the 5 dating apps led to the exposure of user data. Millions of profiles were leaked and the AWS buckets, Elasticsearch servers and MongoDB databases used to host those websites had been exposed to the public without security authentication or password protection.

    These sites and apps were involved: Charin and Kyuun, YESTIKI, Kongdaq/Congdaq, Blury and CatholicSingles.

    YESTIKI: This dating app in the US leaked user data in a breach; that included the phone numbers, real names as well as activity logs of users. 4300 records culminating to 325MB were leaked through MongoDB server.

    CatholicSingles

    Very sensitive information of users such as their age, payment methods, phone numbers, education, occupation, billing addresses, internet activity and physical activities were breached.

    Charin and Kyuun

    The Elasticsearch server used by the Charin and Kyun dating applications in Japan leaked 102,000, 000 customer records; that included sensitive user data such as personal preferences, email addresses, mobile device information IDs and cleartext passwords.

    Kongdaq/Congdaq

    123,000 user records were exposed by this South Korean application through the Elasticsearch server. Sensitive data such as user gender, GPS location, date of birth and cleartext passwords were exposed.

    Blurry

    The Elasticsearch server led to the breach of 70,000 user data on the Korean Blurry app.

    WizCase believes that those data breaches could’ve been done through a process of collecting and storing information given by users; known as ‘Web Scrapping’.

    Exposed data can lead to a huge menace when the data is used by malicious individuals who can create cases of harassment, blackmail, identity theft and even stalking.

    To keep your data safe, ensure that your passwords are complex, give little information on dating apps/websites; avoid using one password for all your accounts and be careful of the information you give out on websites and applications.

    Recent Articles

    Unauthorized access at Scalable Capital

    There has apparently been unauthorized access to individual data at Scalable Capital. The company informed its customers about the incident by mail yesterday, referring...

    The US accuses Russian officers of being in charge for cyber attacks

    The US government has brought charges against Russians who are alleged to have been involved in various cyber attacks as officers of the military...

    Twitter changed its rules for dealing with hacked data

    On Friday night, access to Twitter was disconnected for about two hours. The Chief Engineer announced that the reason was a rebuild in the...

    Norway sees Russia as the perpetrator of the cyber attack

    "It is important that our government refuses to send the Russians a clear sign that we do not know," said the Norway government. According...

    Phishing mail with an incorrect form for Corona bridging aid

    The representation of the European Commission warned of a phishing attempt targeting small and medium sized enterprises. Under the pretext for corona bridging aid,...

    Related Stories

    Leave A Reply

    Please enter your comment!
    Please enter your name here

    Stay on op - Ge the daily news in your inbox