Another group of dating sites has fallen victim to the ‘leaky bucket’ problem, spilling millions of user records from unsecured servers.
Researchers from security company WizCase discovered a group of databases open to the internet, without even a password protecting them. Although AWS (which featured in a similar leak recently) is one of several database vendors involved, some of the unsecured data was stored in Elasticsearch and MongoDB, showing that this is far from being an ‘Amazon problem’.
Affected apps were: CatholicSingles.com (USA, 50,000 entries), SPYKX.com (South Korea, 3,700 profiles and 120,000 GPS coordinates), YESTIKI (USA, 4,300 entries), Blurry (USA, 77,000 entries) and Charincharin/kyuunkyunn.com (Japan, 102 million entries).
Although, based on these figures, the majority of victims are likely to be Japanese, activity on many of these sites covers multiple countries, particularly on those sites with servers in the US.
Much of the data will be out of date, but there are also records from as recently as last year, which could well still be in use.
Data leaked varies between sites but can include full names, addresses and phone numbers, billing information, passwords in clear text, location data, and even personal details, such as eye color and preferences.
Perhaps more worrying is that WizCase says it has stumbled upon more leaky buckets that it is still working to identify, all of which contain sensitive information that should not have been left unprotected.
At present, the dating apps are yet to comment, but there are steps you can take straight away if you think you may have been affected.
The simplest is changing your password on the affected site – even if you’ve not used the site for years – and anywhere else you re-used that password. Then stop re-using passwords. It’s not clear whether WizCase believes that this data has been compromised, or if they got to the data before any damage was done.