steven36 Posted May 30, 2019

A database containing records of tens of millions of users of various dating apps has been found publicly accessible, according to a researcher who says it remains unclear who amassed the data.

In a blog Wednesday, security researcher Jeremiah Fowler said he discovered the database and that it was not protected by so much as a password. The 42.5 million records, which appeared to belong to multiple apps, were stored on a U.S.-based server and largely contained the IP addresses and location data of American users.

The apps to which the data belongs include Cougardating, Christiansfinder, Mingler, Fwbs (friends with benefits), and “TS,” which Fowler speculates is likely short for “transsexual.” The database also contained Chinese text, he said, leading him to believe its owner is also Chinese.

“What really struck me as odd was that despite all of them using the same database, they claim to be developed by separate companies or individuals that do not seem to match up with each other,” he wrote in a blog post detailing his findings. “The Whois registration for one of the sites uses what appears to be a fake address and phone number.”

Gizmodo attempted to reach out to Christiansfinder for comment, but the email address listed on its website bounced back. The other app developers could not be reached.

Fowler told CyberScoop that while he wasn’t implicating the developers behind the apps of doing anything nefarious, the fact that they’d gone to such lengths to conceal their identities was inherently suspicious.

In addition to IP and location data, the database includes users’ account names and ages. However, there was no personally identifiable information, or PII, a term that encompasses information such as real names, physical addresses, and Social Security numbers.

Fowler notes that a lot of people tend to reuse account names and that can be used as a type of fingerprint.

“This makes it extremely easy for someone to find and identify you with very little information,” he said. “Nearly each unique username I checked appeared on multiple dating sites, forums, and other public places.”

Researchers generally wait until exposed databases are taken down before going public. But at time of writing, the database remains online, despite Fowler’s attempts to notify the host. He disclosed his discovery to raise awareness among users of the apps that their private data is leaking online.
The AchieVer Posted June 2, 2019

Multiple Chinese Dating Apps Focusing US Citizens Exposed 42.5 Million Records Through A Single Open Database

Amidst the “cold-war” between the US and China, comes this weird report. Allegedly, some Chinese dating apps specifically aimed at US citizens have leaked huge records online. The exposed data of 42.5 million records showed an obvious majority of US citizens’ details followed by other regions.

Chinese Dating Apps Data Exposed

Reportedly, researcher Jeremiah Fowler of Security Discovery stumbled upon an unsecured database exposing a huge amount of records. The publicly accessible database contained data belonging to some Chinese dating apps aimed at US citizens.

Elaborating on his findings in his blog post, Fowler stated that he found the unprotected Elastic database on May 25, 2019. The database contained various folders having names belonging to various dating apps that claim to have distinct developers each. As he stated,

“What really struck me as odd was that despite all of them using the same database, they claim to be developed by separate companies or individuals that do not seem to match up with each other.”

Fowler noticed that the majority of exposed records belonged to US citizens. Though they also had information about people from other regions as well. According to Jeff Stone,

“A sampling of 10,000 users revealed that 8,063 were from the U.S., 356 were from the U.K., 219 from Canada and 151 from Australia and other random English-speaking countries, Jeremiah Fowler, who found the database, told me today.”
— Jeff Stone (@jeffstone500) May 29, 2019

The apps cited in the database do exist online. All of them have different focuses to attract more users. Namely, these include Cougardating, Mingler, Fwbs, Christiansfinder, and TS (what Fowler assumes is a Transsexual Dating App).

Regarding the kind of information exposed, Fowler explained that it contained details about lifestyle choices, sexual preferences, or infidelity. However, it did not expose any PII data or billing information. Precisely, the leaked details included usernames, IP addresses, age, and location, that may still be troublesome.

Leaky Database Remained Open…

Allegedly, the suspicious apps shared no legit contact information publicly. One of these sites even had fake data for Whois registration. The researcher could neither validate these details nor contact them. As explained,

“The address that was listed there was Line 1, Lanzhou and when trying to validate the address I discovered that Line 1 is a Metro station and is a subway line in Lanzhou. The phone number is basically all 9’s and when I called there was a message that the phone was powered off.”

Still, he twice attempted to send alerts to the given email addresses. Nonetheless, after facing failures, he publicly disclosed the matter for awareness and possible notice by the developers. The leaky database referred to herewith remained up until the disclosure of Fowler’s report.

We have published this article to raise awareness to the users of these apps who may be affected and hope to make the developers aware of the data exposure.

Let’s see whether the database goes offline anytime soon.
Karlston Posted June 2, 2019

Similar topics merged.