An unsecured Amazon Web Services (AWS) database leaked the personal information of hundreds of thousands of users of several niche and special interest dating apps.
Security researchers from vpnMentor discovered 845 gigabytes of user data from dating apps including 3somes, Cougary, Gay Daddy Bear, Xpal, BBW Dating, Casualx, SugarD, and Herpes Dating in late May. Included in the exposed data were images, videos, photos, voice recordings, private chats, and usernames, as well as administrator credentials and passwords.
“[I]t’s difficult to calculate how many people were exposed in this data breach, but we estimate it was at least [in the hundreds of thousands] – if not millions,” stated the report of the researchers’ findings.
The unprotected data instance is assumed to belong to a single developer. While the identity of the developer has not been released, vpnMentor researchers indicated that the data was quickly secured once administrators of the affected apps were notified.
For anyone who thinks their information may have been compromised, it is crucial to keep in mind that the deeply personal nature of the leaked data, including diagnoses of sexually transmitted diseases, may increase the risk of blackmail or extortion scams.
“Any exposed PII data creates much more significant risks to users. Given the nature of many of these apps – in some cases involving financial transactions, fetishes, and STIs – having your presence on the app made public could create immense stress in your personal life,” the report stated. “With so many users from each app exposed in the data breach, criminals would only need to convince a small number of people to pay them for a blackmail and extortion scheme to be successful.”
Read the vpnMentor report here.