A single database has exposed the records of tens of millions of users of dating apps. The database, which was discovered by security researcher Jeremiah Fowler, is not password-protected. Most of the affected users are Americans, as revealed by the IP addresses and geolocation details.
The Story of Another Leaky Database
On May 25th [2019] I discovered a non password protected Elastic database that was clearly associated with dating apps based on the names of the folders. The IP address is located on a US server and a majority of the users appear to be Americans based on their user IP and geolocations.
The researcher also noticed Chinese text inside the database with various commands, pointing to its probable origin. The researcher, however, hasn’t revealed the exact location of the database. The most bizarre thing about the database is that it contained data taken from multiple dating applications.
Most of these dating apps are available online with the same names as the ones in the database. The weirdest thing, however, is that despite the apps using the same database, they claim to be developed by separate companies or individuals that do not seem to match up with each other, Fowler noted.
The Whois registration for one of the sites uses what appears to be a fake address and phone number. Several of the other sites are registered privately, and the only way to contact them is through the app (once it is installed on your device).
A total of approximately 42.5 million records were exposed. Dating logs made up 38.3 million records, while 3.87 million contained “geonames”.
“I am not saying or implying that these applications or the developers behind them have any nefarious intent or functions, but any developer that goes to such great lengths to hide their identity or contact details raises my suspicions,” Fowler explained. Nonetheless, he remains skeptical of apps that are registered from a metro station in China or anywhere else.
It’s important to note that the database didn’t contain any financial details. The original report also highlights that “at the time of publication the database was still publicly accessible.”