Dating Apps User Information Leaked Online
|Dating Apps User Information Leaked Online|
|Short Title||Explicit Photos and Other Personal Information of Users Was Found Available Online|
|Taxonomy||Insecurity, Exposure, Breach of Confidentiality|
|Information||Identifying, Communication, Physical Characteristics, Sexual, Behavioral, Contact|
|Threat Actors||Cheng Du New Tech Zone, Amazon, 3somes app, Gay Daddy Bear app, Herpes Dating app, Cougary app, Xpal app, Casualx app, SugarD app, GHunt app|
|Affected||Users of dating apps|
|High Risk Groups||Medical Patient, LGBT|
845 GB of data including personal information of users of dating apps that cater specific groups and interests were found leaked online.
In June 2020 security researchers stumbled upon a collection of publicly accessible Amazon Web Services trove of data from a different specialized dating app, including 3somes, Cougary, Gay Daddy Bear, Xpal, BBW Dating, Casualx, SugarD, Herpes Dating, and GHunt. This were 845 gigabytes of data and close to 2.5 million records, likely representing data from hundreds of thousands of users.
The information was particularly sensitive and included sexually explicit photosExposure and audio recordings, screenshots of private chats from other platforms and receipts for payments, sent between users within the app as part of the relationships they were building. As a user of one of these apps one doesn’t expect that others outside the app would be able to see and download the data.Breach of Confidentiality
All of the apps seemed to come from the same source, they were listed "Cheng Du New Tech Zone" as the developer on Google Play.
Security researchers claim, this isn’t an Amazon problem, but the problem of the organization that developed these apps messing up the configuration and sloppily storing the data. This is an example of Insecurity.
The data has since been secured.