An unsecured Elastic database located in China has leaked 42.5 million records of dating app users, most of them American. From a SC Magazine news article:
“The strange thing about this discovery was that there were multiple dating applications all storing data inside this database,” security researcher Jeremiah Fowler, who discovered the database, wrote in a blog post. “Upon further investigation I was able to identify dating apps available online with the same names as those in the database.”
Fowler said he was struck by the oddity “that despite all of them using the same database, they claim to be developed by separate companies or individuals that do not seem to match up with each other.”
One of the sites’ Whois registration “uses what appears to be a fake address and phone number. Several of the other sites are registered private and the only way to contact them is through the app (once it is installed on your device),” he said.
Fowler was able to quickly and easily find many of the users’ real identities. “The dating applications logged and stored the user’s IP address, age, location, and user names,” he wrote. “Like most people your online persona or user name is usually well crafted over time and serves as a unique cyber fingerprint.”
