Video Chat App Leaks 100 Million User Messages

Tigo Live, a video chat app for iOS and Android, has suffered an issue resulting in the leak of over 100 million messages from the app’s community.

Security engineer Silas Cutler, along with vx-underground, broke the news yesterday that Tigo Live had exposed 101 million direct messages exchanged between users.

“If you use #TigoDating and sent DMs in the past few months, they may not be private anymore,” Cutler tweeted, sharing a number of redacted images to provide just enough details to prove that messages were indeed exposed.

“Tigo, a live video and chatting app for Android and iPhone, accidentally exposed 100,000,000+ user messages online,” cybersecurity collective vx-underground said. “The app is mostly known for dating & for dudes being thirsty.”

Tigo advertises itself as “The place to meet new people, showcase talents, and make friends all around the world!”

As highlighted by databreaches.net, the app’s developer claims no data is shared with third parties and that no user data is collected. The app’s description also mentions that data isn’t encrypted and that users can request the deletion of data at any time.

Based on the screenshots shared by Cutler, the app collects information like device ID, phone model, “google name,” and the person’s IP address.

It isn’t entirely clear how the leak occurred. A targeted hack cannot be ruled out. Tigo has yet to officially acknowledge the incident.