It has been reported that tens of millions of records about users of different dating apps have been discovered in a single database with no password protection. About 42.5 million records were exposed. Dating logs made up 38.3 million records, while 3.87 million consisted of “geonames.” Records were discovered by researcher Jeremiah Fowler, and were mostly about American users, based on accessible IP addresses and geolocation information. Other data included age, location, and account names. These findings are among the many examples of sloppy database security practices potentially impacting unsuspecting victims.
Nabil Hannan, Managing Principal at Synopsys:
“Leaky databases are getting a lot of attention lately. This buzz around databases that have been misconfigured and/or that are publicly available on the internet with sensitive data highlights the need for proper security configuration. Note that this need exists for all software and its various components.
In this particular case, there’s a lot of personal and private information that users trust dating sites with. Although the data that was leaked did not include anything sensitive, per se, it does have usernames (from which a person’s full name can often be inferred) along with age and location information. This information may be enough to allow attackers to cause some level of damage depending on the type of information publicly available about the people whose data have been leaked.”