The 40+ dating platform Senior Dating has been the victim of a data breach, compromising the personal information of 765,517 users. The breach, linked to an exposed Firebase database, has raised serious concerns about protecting sensitive data in online matchmaking services.
The information exposed includes personal details such as email addresses, profile photos, genders, dates of birth, precise geographic locations, links to Facebook accounts, and details on users’ drinking and smoking habits, education levels, occupations, and relationship statuses. This granular data could be exploited for identity theft, fraud, or other malicious activities.
The breach, dated 23 November 2024, came to public attention after being added to the Have I Been Pwned (HIBP) database on 9 December the same year. Alongside Senior Dating, another website operated by the same entity, ladies.com, was also affected. Both platforms were immediately shut down in the wake of the announcement.
The fallout from this breach is ongoing. Users are urged to monitor their accounts for suspicious activity and exercise caution against phishing attempts or other scams exploiting the exposed information.
The Roll-On Effect
“This data breach has exposed a lot of highly sensitive information,” says Boris Cipot, Senior Security Engineer at Black Duck Software. “This sort of exposed data poses a potential risk for not only phishing but also identity theft, stalking, and targeted attacks on the impacted users. The exposed information could also potentially be used to target further contacts of the victim on social media accounts, for example.”
Although the platform has since shut down, Cipot says affected users should change any passwords on accounts, other platforms, or web services if they are the same, at once. Password reuse is not a good idea in general, as the attacker could now access more services and platforms because of a breach of a single account.
Set up MFA, Monitoring
Cipot also advises setting up Multi-Factor Authentication (MFA) to add another level of account protection. “Monitor all your accounts for any suspicious activity, including your bank accounts, credit cards, or even emails telling you that you ordered something or joined certain platforms. This could be a potential identity theft. Also, do not click on links in the emails or open attachments.”
Finally, he cautions against sending information like passwords, social security or credit card numbers, and other sensitive data over email. “No serious bank or service provider would request those over email. Watch out also for weird phone calls and WhatsApp messages. They could lure you into exposing your other personal data by using what they know about you from the exposed information. Review your privacy settings on your social media platforms and sign up for services that monitor your accounts and bank activities.”
About the Author
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.
