Web application security specialists reported the finding of a database that stored tens of millions of user registers from several different dating apps. It is still unknown which individual or company operated this database.
Jeremiah Fowler, a web application security expert, recently reported the database, mentioning that it was fully exposed, because it did not even have a password. The compromised database (more than 42 million records) belongs to various applications and contains data such as IP address and user location details.
According to the experts in web application security, data belong to the following dating apps:
- Friends With Benefits (FWB)
Although there is not much information about the operators of the database, thanks to some text files found in it, experts believe that the owner could be a Chinese citizen or company.
In his report, the specialist says he’s surprised by some unusual details: “Although all of these apps use the same database, their developers claim to be completely different companies with no relation with each other. The WHOIS registration of one of these services apparently employs a fake address and phone number”, the expert mentions.
Specialized media have tried to contact the companies involved, although so far they have refused to comment on the incident. Jeremiah Fowler is really intrigued about the fact that the developers of these apps are evading to show themselves. “I do not accuse anyone of committing a crime, but it is suspicious that developers strive so hard to hide their identity”.
In addition to location data and user IP addresses, the database also contains personal information such as users’ name and age; the good news is that no personal identification information, such as the user’s full name, Social Security number or address has been found.
According to specialists from the International Institute of Cyber Security (IICS) reuse of access credentials on multiple platforms can be really useful for hackers when trying to identify a user with very little information. The expert analyzed a small sample of the compromised information, discovering that many of the access credentials had been previously used to access other platforms.
Since it has not been possible to contact the operators of the database, it is still exposed and accessible for any user.