Leaky bucket exposes dodgy dating app data

1
Chris M
Updated October 13, 2022
Published September 18, 2020
We may earn a commission via links on our site. Why support us?

As if 2020 wasn’t challenging enough for dating, we’ve seen several major security alerts for a range of dating apps – and it’s, unfortunately, time to add another to the list.

This time, the data – all 882GB of it, including tons of personal information – was found on an unsecured Elasticsearch Database (yes, it’s another leaky bucket story) by an ethical hacker who passed it to security researchers at vpnMentor.

The database in question didn’t actually belong to a dating app per se, but rather a third-party Cyprus-based marketing company by the name of Mailfire, which around 70 affected apps use for their communication systems – push notifications, for example.

Mailfire was informed of the issue on August 31, and immediately fixed the problem, closing it to public access, as it should have been all along.

Unlike with previous recent leaks, the Mailfire database appears to have been in constant use, with new records appearing daily, right up until the day of disclosure including full names, date of birth, location, IP address, contact details and photos. In short, the whole nine yards. In total, 320bn records were in plain sight in the database.

Worse still, private communications between users were also captured, and a lot of the ones we saw were… very NSFW.

The sites involved appear to come from a few companies, offering a variety of niche dating services. The important thing is that these are said not to be from any particular country, but rather worldwide.

The ‘good’ news, such as it is, appears to be that many of the stolen records were fake anyway – a combination of catfishing, chatbots and fake celebrity profiles. vpnMentor speculates that some of the sites were specifically set up for catfishing and scamming.

As far as we can tell, there’s no evidence that the Mailfire server data has been exploited, and given the rather flaky nature of much of what they found, the risk is minimal, but it is there, so if you’re in any doubt, change your passwords on dating sites you use.

Unfortunately, there isn’t currently a list of all the sites affected, beyond the fact that they appear to be listed in data havens such as Nevada and British Virgin Islands. If we’re able to get a list, we’ll add it below.

Mailfire has already stated that it accepts all responsibility for the leak, and that the dating app clients are not to blame. Though based on what vpnMentor discovered, it sounds like users of these sites may have had a lucky escape.

Read Next: 9 niche dating apps and hundreds of thousands of users exposed by leaky bucket

Topics mentioned in this article dataDating AppsSecurityUser Data
Article by
Chris M has worked in technology journalism for over a decade, and brings his nerdy expertise to looking at what goes on under the hood of sex tech.With over a decade of expertise in his field, Chris brings a nerdy perspective to his exploration of the fascinating world behind the scenes. His articles have graced the pages of renowned publications such as Engadget, TechRadar, AskMen, and The Register.
Get in touch
On the same topic…
  • bluesky adult content guide

    Bluesky adult content: Every feature that keeps your feed exactly how you want it

    Ben/
    November 13, 2024
  • Ethical dilemmas of ai in sextech

    Ethical dilemmas of AI in sextech: Balancing technological advances and consent

    Stu N/
    October 1, 2024
  • DATING APP UPDATES

    Dating appdates (August 2024): ChatGPT vs ‘fake’ heights, SIMS get catfished, GPS safety concerns, and more

    Jamie F/
    August 18, 2024
By the same author…
  • Watch Porn on Google TV / Android TV

    How to watch XXX videos on Google TV, Android TV, and Android Media Players (AMP)

    Chris M/
    April 11, 2022
  • Instructions for how to sideload apps and watch porn on Amazon Fire TV devices.

    Amazon porn: How to find, install and watch XXX videos on Fire TV (Stick, Box, Cube and TV)

    Chris M/
    January 13, 2023
  • Emjoy

    Erotic audio app Emjoy lands $3m in funding as sextech goldrush continues

    Chris M/
    August 17, 2021

Leave a Reply

Your email address will not be published. Required fields are marked *