2 min read

Data Breach: Bundle of Dating Apps Leaking Sensitive Information Discovered

Alina BÎZGĂ

June 17, 2020

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Data Breach: Bundle of Dating Apps Leaking Sensitive Information Discovered

Three misconfigured Amazon Web Services (AWS) S3 buckets leaking highly sensitive information from multiple dating apps and websites were discovered by vpnMentor researchers on May 25.

According to a report published June 16, the S3 buckets contained 845 gigabytes of data, with over 20 million files containing sensitive information from user accounts, including:

• Images and photos
• User names, personal details and financial data
• Voice messages and audio recordings
• Private chats between users
• Evidence of financial transactions

The bundle includes a variety of niche dating platforms such as 3somes, CougarD, Xpal, SugarD, GHunt and many more. Additionally, aside from the overflow of personal and highly sensitive user information, the misconfigured databases also exposed apps infrastructure through unsecured admin credentials and passwords.

“For ethical reasons, we never view or download every file stored on a breached database or AWS bucket. As a result, it”s difficult to calculate how many people were exposed in this data breach, but we estimate it was at least 100,000s – if not millions,” researchers said. “As ethical hackers, we”re obliged to inform a company when we discover flaws in their online security. We reached out to the developers, not only to let them know about the vulnerability but also to suggest ways in which they could make their system secure.”

The data leak could have devastating effects for users. Malicious actors can leverage the treasure trove of sensitive info for various forms of extortion and bullying, which could potentially turn into another AshleyMadison disaster. More than 30 million users were exposed following the 2015 data breach on the pro-adultery website, and blackmail scams were still resurfacing nearly 5 years after bad actors posted a data dump containing sensitive data on users.

You can also check if your private data has been exposed online! Use Bitdefender”s Digital Identity Protection tool to see where you stand at the moment and what the internet knows about you.

In the hands of seasoned cyber-criminals, the data can be used for more than just catfishing scams. Using the variety of information as a bargaining chip, blackmailers can start a profitable business. Nobody wants their secrets exposed on social media or to family and friends.

“With so many users from each app exposed in the data breach, criminals would only need to convince a small number of people to pay them for a blackmail and extortion scheme to be successful,” researchers warned. “In doing so, they could destroy many people”s relationships and personal and professional lives.”

tags


Author



Right now

Top posts

John Oliver Shows the Dark Side of Data Brokerage on Last Week Tonight

John Oliver Shows the Dark Side of Data Brokerage on Last Week Tonight

April 15, 2022

3 min read
Bitdefender Labs Warns of Phishing Scams Targeting MetaMask Users

Bitdefender Labs Warns of Phishing Scams Targeting MetaMask Users

April 14, 2022

3 min read
Why and how to hide your IP address while traveling

Why and how to hide your IP address while traveling

April 13, 2022

2 min read
How Bitdefender Can Help Restore Your Privacy in the Digital Age

How Bitdefender Can Help Restore Your Privacy in the Digital Age

April 04, 2022

3 min read
How Strong is VPN Encryption?

How Strong is VPN Encryption?

February 28, 2022

3 min read
Top Three Ways Internet Users Unknowingly Help Cybercriminals

Top Three Ways Internet Users Unknowingly Help Cybercriminals

February 25, 2022

4 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Are you stuck in password limbo? Time to secure your online accounts on World Password Day Are you stuck in password limbo? Time to secure your online accounts on World Password Day
Bitdefender

May 05, 2022

2 min read
Privacy update on Google Search: Tech giant says you can now remove search results mentioning your contact information Privacy update on Google Search: Tech giant says you can now remove search results mentioning your contact information
Alina BÎZGĂ

April 29, 2022

2 min read
Do you know the extent of your digital footprint? Do you know the extent of your digital footprint?
Alina BÎZGĂ

April 26, 2022

2 min read