Hundreds of thousands of people using niche dating and hookup apps have had their profiles and data leaked online in an unsecured database.
The database held more than 20 million files totalling 845GB and included “incredibly sensitive” images, details of user profiles, private conversations and audio recordings.
The database was discovered by VPNMentor, and the dating apps included 3somes, CougarD, Gay Daddy Bear, Xpal, BBW Dating, Casualx, SugarD, Herpes Dating, GHunt and more. None of the offerings in the best dating apps round-up by Tom's Guide were included in the database.
The VPNMentor researchers said: “The apps were built for people with alternative lifestyles and particular tastes, such as ‘Cougars’, queer dating, fetishes, and group sex. At least one app was dedicated to people with STIs, such as herpes.”
They believe that the apps have a common developer because their data is stored on the same AWS account and their websites all look similar. The S3 bucket was named after each app.
The entire database was properly secured on May 27, the day after VPNMentor told the administrators of the 3some app about the problem.
Users ripe for blackmail
VPNMentor warned users of such sites and apps that the exposed data may make it easy for cybercriminals to use sensitive information to attack, bully and extort them.
“While the connections being made by people on ‘sugar daddy,’ group sex, hook up, and fetish dating apps are completely legal and consensual, criminal or malicious hackers could exploit them against users to devastating effect,” the report said.
“Using the images from various apps, hackers could create effective fake profiles for catfishing schemes to defraud and abuse unwary users.”
Developers must do more
VPNMentor criticised the developers, saying they could have avoided the leak by taking some basic security measures. These measures would have included securing servers, implementing proper access rules and never leaving a system that doesn’t require authentication open to the internet.
The researchers are advising users: “If you use any of the apps featured and are concerned about how this breach might impact you, contact the developers directly to find out what steps they’re taking to protect your data.”