Over 100m more dating site records found in ‘leaky buckets’

0
Data leak

Another group of dating sites have fallen victim to the ‘leaky bucket’ problem, spilling millions of user records from unsecured servers as they did so.

Researchers from security company WizCase discovered a group of databases open to the internet, without even a password protecting them. Although AWS, (which featured in a similar leak recently) is one of several database vendors involved – some of the unsecured data was stored by Elasticsearch and MongoDB – showing that this is far from being an ‘Amazon problem’.

Affected apps were: CatholicSingles.com (USA/50,000 entries), SPYKX.com (South Korea, 3,700 profiles and 120,000 GPS coordinates), YESTIKI (USA, 4,300 entries), Blurry (USA, 77,000 entries) and Charincharin/kyuunkyunn.com (Japan, 102 million entries).

Although, based on these figures, the majority of victims are likely to be Japanese, activity on many of these sites covers multiple countries, particularly on those sites with servers in the US.

Much of the data will be out of date, but there are also records from as recently as last year, which could well be still in use.

Data leaked varies betweens sites but can include anything from full names, addresses and phone numbers, billing information, passwords in clear text, location data, and even personal details, such as eye color and preferences.

Perhaps more worrying is that WizCase says it has stumbled upon more leaky buckets that it is still working to identify, but all of which contain sensitive information which should not have been left unprotected.

At present, the dating apps are yet to comment, but there are steps you can take straight away if you think you may have been affected.

The simplest is changing your password – even if you’ve not used the site for years – and anywhere else you re-used that password. Then stop re-using passwords. It’s not clear whether WizCase believes that this data has been compromised, or if they got to the data before any damage was done.

Read Next: Privacy 101: How to keep your browsing and other online activity as private as possible

Affiliate Disclosure
Some articles contain affiliate links that allow us to earn money if you decide to purchase any of these products or services. This does not cost you any extra money, and it allows us to continue to run this website. Affiliate links have no relation to review ratings or other editorial coverage. You can read the full policy here.

Tags:

Chris M

Chris M

Chris has worked in technology journalism for over a decade, and brings his nerdy expertise to looking at what goes on under the hood of sex tech.

Be the first to leave a comment

Leave a reply