9 niche dating apps and hundreds of thousands of users exposed by leaky bucket

A clutch of dating apps, mostly catering to specific niche audiences, have been the subject of a data breach involving nearly one terabyte of private information, left on an unsecured server.

The nine dating sites affected, which appear to be from a single developer, are: 3somes, CougarD, Gay Daddy Bear, Xpal, BBW Dating, Casualx, SugarD, GHunt and Herpes Dating.

Although it hasn’t been confirmed that all nine are indeed sister-sites, the name and address of the developers often tally up, and the design language is similar enough.

The culprit appears to be a familiar one to techie types – a ‘misconfigured bucket’ in Amazon Web Services (AWS). In other words, a data store that should have been robustly secured, but was left without said security.

Misconfigured buckets have been the cause of a raft of data breaches over the years, because securing them does not happen automatically and many developers either forget, or assume protection is enabled by default. In this case, not only was user data exposed, the actual hosting infrastructure for each of the apps was also accessible.

According to VPNMentor, which found the bucket, there were 20,439,463 files exposed, with the number of users affected ‘estimated to be 100,000s’, all over the world.

Some of the content included photos, many of them explicit, as well as ‘private’ chats between users, financial transactions and audio recordings.

After VPNMentor contacted one of the site developers, it found that the data for all the sites was secured, further fueling speculation that this is a single developer.

If you use any of the above apps, the best thing to do is contact the developer for advice. Usually, we’d recommend changing your password, but as no theft has been confirmed (the data was exposed, but it’s impossible to know yet whether it was taken), no breach has affected the front-end of the sites, and the sites are now secure, it hardly seems worth it.

The question now will be whether any of the data made it into the public domain before the exposure was discovered. Hopefully, VPNMentor’s belief that it found the bucket in time proves to be true.

SEXTECHGUIDE has contacted the (presumed) developer for comment. We’ll update this story if there is a response.
