2.3 Million Records Exposed in Dating App Security Breach

A massive leak of 2.3 million dating app records, including personal information from over 260,000 dating app users and 969,571 images and private chats were exposed to the public, according to SC Media.

The data breach included extremely sensitive information, including sexually explicit private photos, recollections of sexual experiences, and details about previous sexual encounters that were tied to dating app user profiles, according to Hack Read, a security news website.

The leak primarily affected users of 419 Dating – Chat & Flirt app, which is based in Hong Kong but has users around the world. Other apps were also compromised, including Meet You – Local Dating App and Speed Dating App for American by MyCircle Network Corp, but these are thought to be linked to the same group of developers as 419 Dating.

The exposed records were found in a non-password protected database, according to SC Media.

The compromised accounts also exposed personal information such as names, email addresses (including a majority of Gmail, Yahoo Mail and iCloud Mail accounts), and geolocation data, particularly of U.S. and Canadian users according to Hack Read. In addition, private messages and chat logs, audio files and pictures that were shared privately between users were exposed.

The data breach was found by researcher Jeremiah Fowler, co-founder of Security Discovery, and his findings were published by vpnMentor. According to Hack Read, when he discovered the breach, he notified 419 Dating’s developer SILING APP and the company took action quickly to secure the database.

Fowler noted one very disturbing finding in the breach – the exposure of a private key associated with 419 Dating’s Google API service account, according to Hack Read. If a private key is obtained by cybercriminals and hackers, it could grant unauthorized access to sensitive data, and potentially re-expose these dating app users to further security concerns. “We have no way of knowing if malicious actors gained access,” Fowler said. However, SC Media noted that so far, the exposed data hasn’t leaked on hacker forums that he is monitoring.

Fowler also encourages dating app users, especially those whose information was breached, to change passwords to protect themselves. He also said that developers need to prioritize the security of their platforms to prevent such massive breaches from taking place.

“The volumes of adult content exposed raise serious risks,” Fowler said to SC Media. “In the wrong hands this data could open a user to extortion attacks, social engineering scams and harmful privacy violations.”