Tweet
A group of niche dating websites has compromised the data of hundreds of thousands of users, according to security researchers.
Nearly 2.5 million records were exposed in all, including explicit images, audio recordings, chat screenshots and transaction information.
The data reportedly relates to users of nine dating sites, each of which caters to specific ****** proclivities: Cougary, Gay Daddy Bear, Xpal, BBW Dating, Casualx, SugarD, 3somes, Herpes Dating and GHunt.
[ul]
[li]Forget sextortion scams, weāre more worried about deepfake ransomware[/li][li]Adult streaming site leaks info on millions of users[/li][li]Hereās why you shouldnāt watch āinappropriate contentā on work devices[/li][/ul]
The layout of each website is said to be similar, and a portion of those with accompanying Android apps list Cheng Du New Tech Zone as developer.
Dating website breach
The incident was discovered by researchers Noam Rotem and Ran Locar of vpnMentor, who say the data was exposed in a misconfigured Amazon S3 bucket - a type of cloud storage resource used by businesses to store large amounts of information.
While the exposed data did not include extensive personally identifiable information (PII) - such as names, phone numbers, addresses and login credentials - images could still be used by a committed hacker to establish a userās identity, opening the door to blackmail-based scams.
āWe were amazed by the size and how sensitive the data was. The risk of doxing that exists with this kind of thing is very real - extortion, psychological abuse,ā said Locar.
āAs a user of one of these apps, you donāt expect that others outside the app would be able to see and download the data.ā
One of the affected apps, Herpes Dating, caters to sufferers of sexually transmitted infections, meaning the breach could, by extension, have compromised information about usersā health too.
While the developer has now rectified the error, it is impossible to say whether unauthorized parties accessed the treasure trove of sensitive data during the period in which it remained exposed.
Another of the affected services, Casualx, told TechRadar Pro it disputes the vpnMentor report and denies its usersā data has been exposed.
āWe use Softlayer to store our usersā data and information. Softlayer is a product of IBM company. Casualx doesnāt share a common developer with other apps as vpnmentor.com mentioned. We donāt have the features as vpnmentor.com states: āvoice messages and audio recordingsā (sic),ā said the firm.
TechRadar Pro also requested comment from Cougary, Gay Daddy Bear, Herpes Dating and 3somes, none of which responded immediately.
[ul]
[li]Hereās our list of the best VPN services on the market[/li][/ul]
Via WIRED
Continue readingā¦
Nearly 2.5 million records were exposed in all, including explicit images, audio recordings, chat screenshots and transaction information.
The data reportedly relates to users of nine dating sites, each of which caters to specific ****** proclivities: Cougary, Gay Daddy Bear, Xpal, BBW Dating, Casualx, SugarD, 3somes, Herpes Dating and GHunt.
[ul]
[li]Forget sextortion scams, weāre more worried about deepfake ransomware[/li][li]Adult streaming site leaks info on millions of users[/li][li]Hereās why you shouldnāt watch āinappropriate contentā on work devices[/li][/ul]
The layout of each website is said to be similar, and a portion of those with accompanying Android apps list Cheng Du New Tech Zone as developer.
Dating website breach
The incident was discovered by researchers Noam Rotem and Ran Locar of vpnMentor, who say the data was exposed in a misconfigured Amazon S3 bucket - a type of cloud storage resource used by businesses to store large amounts of information.
While the exposed data did not include extensive personally identifiable information (PII) - such as names, phone numbers, addresses and login credentials - images could still be used by a committed hacker to establish a userās identity, opening the door to blackmail-based scams.
āWe were amazed by the size and how sensitive the data was. The risk of doxing that exists with this kind of thing is very real - extortion, psychological abuse,ā said Locar.
āAs a user of one of these apps, you donāt expect that others outside the app would be able to see and download the data.ā
One of the affected apps, Herpes Dating, caters to sufferers of sexually transmitted infections, meaning the breach could, by extension, have compromised information about usersā health too.
While the developer has now rectified the error, it is impossible to say whether unauthorized parties accessed the treasure trove of sensitive data during the period in which it remained exposed.
Another of the affected services, Casualx, told TechRadar Pro it disputes the vpnMentor report and denies its usersā data has been exposed.
āWe use Softlayer to store our usersā data and information. Softlayer is a product of IBM company. Casualx doesnāt share a common developer with other apps as vpnmentor.com mentioned. We donāt have the features as vpnmentor.com states: āvoice messages and audio recordingsā (sic),ā said the firm.
TechRadar Pro also requested comment from Cougary, Gay Daddy Bear, Herpes Dating and 3somes, none of which responded immediately.
[ul]
[li]Hereās our list of the best VPN services on the market[/li][/ul]
Via WIRED
Continue readingā¦