Are you actively using dating apps? Then you may want to know that cybersecurity researchers just discovered 5 separate leaks of personal information of users of dating apps in the US, Japan, and South Korea.
According to WizCase researchers, the leaks have compromised user details, including sensitive and confidential information such as real names, billing addresses, email addresses, phone numbers, and private messages, among others. The total number of leaked details is in the millions. Furthermore, every affected server was easily accessible via the internet, as they were all lacking passwords.
Which are the dating apps that were affected by the data leaks?
Here’s the list of the dating apps that suffered data leaks.
CatholicSingles.com — USA
50,000 entries detailing real names, billing addresses, email addresses, and other private user data were leaked, WizCase reported.
More specifically, the leaked user data included highly sensitive information, such as real names, email addresses, billing addresses, phone numbers, age, gender, occupation, and education. What is more, data detailing hair and eye color, payment methods, and activity levels was also exposed. The researchers noted that while many user profiles are banned or canceled, the most recent login discovered was in 2019, meaning that these users could still be active.
SPYKX.com — South Korea
Approximately 3.7k user profiles and nearly 120k GPS data entries were leaked. “Data on the server included user data like email, cleartext passwords, phone numbers, date of birth, gender, and education. GPS data was also discovered which could potentially be linked to individual users via their internal IDs,” the researchers said.
YESTIKI.com — USA
Approximately 4.3k entries containing user information, activity logs, etc. were exposed. “Leaked data from the MongoDB server included phone numbers, names, address and GPS location data of date venues, user ratings, activity logs, Foursquare secret key IDs,” WizCase noted.
Blurry dating app — USA
Approximately 77k private user messages were exposed.
All data recovered from the server involved private messages sent between users on the app. While there is no significant PII (Personally Identifying Information), personal information could potentially be correlated with internal IDs. Some messages were discovered containing personal information like Instagram handles and phone numbers.
Charincharin.net and kyuun-kyuun.com — Japan
Approximately 102 million entries were exposed including email addresses, mobile device information, and search preferences.
Charin and Kyuun are two different dating apps from what we suspect is the same company. Both websites are very similar in design and are sitting on the same EC2 Amazon server. Leaked data from both apps was found on the same breached server.
Considering the nature of the leaked data, affected users could be approached by various scammers and extortionists. Changing the passwords for breached accounts is the general recommendation for individuals affected in such incidents.
Not the First Time Dating Apps Expose PII of Users
In May 2019, the MobiFriends dating app exposed the personal information of 3,688,060 users.
MobiFriends’ user details were posted online and were available for download in multiple places. The security breach that caused the compromise of users’ personal details occurred in January 2019.
In May 2020, a single database exposed the records of tens of millions of users of dating apps. The database, which was discovered by security researcher Jeremiah Fowler, was not password-protected. Most of the affected users were Americans, as revealed by the IP addresses and geolocation details.