This, however, is not the first time a misconfigured AWS bucket has exposed such a trove of sensitive data online. The team claims that this wasn’t a data hack per se but a “careless way of storing sensitive information online.”

See: Gay dating app Grindr shared user HIV & location data with third-parties

One of the apps was built mainly for people suffering from herpes and other types of STIs. The exposed data belonged to niche dating apps developed for people with unusual dating preferences and fetishes such as queer dating or group sex.

“Using the images from various apps, hackers could create effective fake profiles for catfishing schemes, to defraud and abuse unwary users,” researchers noted in their blog post. “Photos with visible faces, users’ names, personal and financial data … could all be used to unmask an individual.”

Moreover, some of the leaked images are screenshots of financial transactions that can be used to launch a variety of fraud schemes.

There is no evidence of the data being accessed by a third party, but it is enough to commit extortion or fraud or launch viral attacks against the users.

The combined screenshot shows what type of data has been leaked (Credit: vpnMentor)

Although researchers claim that personally identifiable information wasn’t part of the leaked data, cyber criminals can identify a user from the photos and other information. The team also identified that all the apps had the same origin, and many of them listed Cheng Du New Tech Zone as the app developer on Google Play. The database was discovered on May 24 and was secured by 27 May.
Researchers identified that unprotected AWS (Amazon Web Services) buckets are responsible for this massive data breach, in which more than 20 million files (845 GB worth of data) containing sensitive information of hundreds of thousands of dating app users got compromised.

All the files were stored in a single, shared AWS bucket.

See: Adult streaming site CAM4 leaks 7 TB of data with 11 billion records

Dating apps affected by this leak include:

The exposed data comprises sexually explicit images, private conversations, audio recordings, and other types of sensitive data. vpnMentor’s security research team, headed by Noam Rotem and Ran Locar, has discovered an unprotected database online containing sensitive data of members of at least 9 dating and hookup apps.
The breach took place due to a misconfigured AWS bucket.