Web application security specialists reported the finding of a database that stored tens of millions of user registers from several different dating apps. It is still unknown which individual or company operated this database.
Jeremiah Fowler, a web application security
expert, recently reported the database, mentioning that it was fully exposed,
because it did not even have a password. The compromised database (more than 42
million records) belongs to various applications and contains data such as IP
address and user location details.
According to the experts in web application
security, data belong to the following dating
apps:
- Cougardating
- Christiansfinder
- Mingler
- Friends With Benefits (FWB)
Although there is not much information about
the operators of the database,
thanks to some text files found in it, experts believe that the owner could be
a Chinese citizen or company.
In his report, the specialist says he’s
surprised by some unusual details: “Although all of these apps use the
same database, their developers claim to be completely different companies with
no relation with each other. The WHOIS registration of one of these services
apparently employs a fake address and phone number”, the expert mentions.
Specialized media have tried to contact the
companies involved, although so far they have refused to comment on the
incident. Jeremiah Fowler is really intrigued about the fact that the
developers of these apps are evading to show themselves. “I do not accuse
anyone of committing a crime, but it is suspicious that developers strive so
hard to hide their identity”.
In addition to location data and user IP
addresses, the database also contains personal information such as users’ name
and age; the good news is that no personal identification information, such as
the user’s full name, Social Security number or address has been found.
According to specialists from the International
Institute of Cyber Security (IICS) reuse of access credentials on multiple
platforms can be really useful for hackers when trying to identify a user with
very little information. The expert analyzed a small sample of the compromised
information, discovering that many of the access credentials had been
previously used to access other platforms.
Since it has not been possible to contact the
operators of the database, it is still exposed and accessible for any user.
