Nine naughty dating apps left saucy user data online for all to see

dating app
(Image credit: Shutterstock)

Hundreds of thousands of people using niche dating and hookup apps have had their profiles and data leaked online in an unsecured database. 

The database held more than 20 million files totalling 845GB and included “incredibly sensitive” images, details of user profiles, private conversations and audio recordings.

The database was discovered by VPNMentor, and the dating apps included 3somes, CougarD, Gay Daddy Bear, Xpal, BBW Dating, Casualx, SugarD, Herpes Dating, GHunt and more. None of the offerings in the best dating apps round-up by Tom's Guide were included in the database.

The VPNMentor researchers said: “The apps were built for people with alternative lifestyles and particular tastes, such as ‘Cougars', queer dating, fetishes, and group sex. At least one app was dedicated to people with STIs, such as herpes.”

They believe that the apps have a common developer as they’re stored on the same AWS account and their websites all look similar. The S3 bucket was named after each app. 

The entire database was properly secured May 27, the day after VPNMentor told the administrators of the 3some app about the problem.

Users ripe for blackmail

VPNMentor warned users of such sites and apps that the exposed data may make it easy for cybercriminals to the use sensitive information to attack, bully and extort them.

“While the connections being made by people on ‘sugar daddy,’ group sex, hook up, and fetish dating apps are completely legal and consensual, criminal or malicious hackers could exploit them against users to devastating effect,” the report said. 

“Using the images from various apps, hackers could create effective fake profiles for catfishing schemes to defraud and abuse unwary users.”

 Developers must do more

VPNMentor criticised the developers, saying they could have avoided the leak by taking some basic security measures. These measured would have included securing servers, implementing proper access rules and never leaving a system that doesn’t require authentication open to the internet.

The researchers are advising users: “If you use any of the apps featured and are concerned about how this breach might impact you, contact the developers directly to find out what steps they’re taking to protect your data.”

  • Read more: Get affordable online protection with a cheap VPN

Nicholas Fearn is a freelance technology journalist and copywriter from the Welsh valleys. His work has appeared in publications such as the FT, the Independent, the Daily Telegraph, The Next Web, T3, Android Central, Computer Weekly, and many others. He also happens to be a diehard Mariah Carey fan!