Over 100m more dating site records found in ‘leaky buckets’

Filed in
0
Chris M
Updated October 13, 2022
We may earn a commission via links on our site.
Why support us?

Another group of dating sites have fallen victim to the ‘leaky bucket’ problem, spilling millions of user records from unsecured servers as they did so.

Researchers from security company WizCase discovered a group of databases open to the internet, without even a password protecting them. Although AWS, (which featured in a similar leak recently) is one of several database vendors involved – some of the unsecured data was stored by Elasticsearch and MongoDB – showing that this is far from being an ‘Amazon problem’.

Affected apps were: CatholicSingles.com (USA/50,000 entries), SPYKX.com (South Korea, 3,700 profiles and 120,000 GPS coordinates), YESTIKI (USA, 4,300 entries), Blurry (USA, 77,000 entries) and Charincharin/kyuunkyunn.com (Japan, 102 million entries).

Although, based on these figures, the majority of victims are likely to be Japanese, activity on many of these sites covers multiple countries, particularly on those sites with servers in the US.

Much of the data will be out of date, but there are also records from as recently as last year, which could well be still in use.

Data leaked varies betweens sites but can include anything from full names, addresses and phone numbers, billing information, passwords in clear text, location data, and even personal details, such as eye color and preferences.

Perhaps more worrying is that WizCase says it has stumbled upon more leaky buckets that it is still working to identify, but all of which contain sensitive information which should not have been left unprotected.

At present, the dating apps are yet to comment, but there are steps you can take straight away if you think you may have been affected.

The simplest is changing your password – even if you’ve not used the site for years – and anywhere else you re-used that password. Then stop re-using passwords. It’s not clear whether WizCase believes that this data has been compromised, or if they got to the data before any damage was done.

Read Next: Privacy 101: How to keep your browsing and other online activity as private as possible

Article by
Chris has worked in technology journalism for over a decade, and brings his nerdy expertise to looking at what goes on under the hood of sex tech.With over a decade of expertise in his field, Chris brings a nerdy perspective to his exploration of the fascinating world behind the scenes. His articles have graced the pages of renowned publications such as Engadget, TechRadar, AskMen, and The Register.
Get in touch
Chris M Avatar
Related articles
  • Digital Intimacy Coalition

    Sex-positive industry coalition calls out ‘critical gap’ in EU AI regulation

    Jamie F/
    October 7, 2024
  • Quest3S

    Meta Quest 3S launch brings end of other Quest 3 models

    Jamie F/
    October 6, 2024
  • womanizer vibe silent

    Womanizer launches Vibe, its first ‘silent’ lay-on vibrator

    Jamie F/
    October 4, 2024
  • California AI performer bill

    California AI replica bill shields adult performers from exploitation

    Jamie F/
    October 3, 2024
  • dating appdates sep 2024

    Dating appdates (September 2024): Anti-f***boy app, sober dating, Bumble AI, and more

    Jamie F/
    October 2, 2024

Leave a Reply

Your email address will not be published. Required fields are marked *