Design a site like this with WordPress.com
Get started

Dating Apps Exposed 845 Gigabytes of Users’ Dirty Laundry

Dating websites and apps certainly made it a lot easier for single people to “put themselves out there.” These services attract millions of users seeking to find their significant other or simply looking for a casual fling. And as their popularity grew, dating apps moved from general markets like young adults or the LGBTQ community to also targeting specific groups like beard lovers. Today, there is a dating app for everyone.

But with the latest data breaches and exposures, the last thing you want is dating apps leaking sensitive information, especially since it can be quite intimate and explicit. Yet, that was exactly what security researchers Ran Locar and Noam Rotem found when they were browsing the web. They came across a substantial collection of data that anyone could access on Amazon Simple Storage Services (S3).

Internet Privacy and Security Tips
Internet Privacy and Security Tips

Content originated from dating apps dedicated to specific interests, including Cougary, Gay Daddy Bear, and Herpes Dating. Overall, The researchers found 845 gigabytes of data in all Amazon “buckets,” which likely belong to around hundreds of thousands of users. It included sexually explicit photos and audio recordings, payment receipts and screenshots of chats from other platforms that users exchanged. “We were amazed by the size and how sensitive the data was,” revealed Locar.

The exposed data did not contain users’ real names, email addresses, birthdays, or any other type of identifying information. However, Rotem and Locar warned that cyber criminals can use photos to try and identify people, then exhort or publish the data online. “The risk of doxing that exists with this kind of thing is very real – extortion, psychological abuse,” said Locar.

In addition to Cougary, Gay Daddy Bear, and Herpes Dating, some of the other sevices that exposed data were 3somes, Xpal, Casualx, and SugarD. The researchers suspect that all these dating apps come from a single source. They all have the same layout, a simil;ar infrastructure, and most of them share the same developer on Google Play, which is “Cheng Du New Tech Zone.”

Two days after their discovery, Locar and Rotem contacted 3somes. A day later, they received a response from the company, and all the Amazon buckets were locked down simultaneously. Moreover, Wired tried reaching out to 3somes, Herpes Dating, and Cheng Du New Tech Zone, but received no reply.

So What Caused the Data Exposure?

All signs point out that this wasn’t a hack or cyberattack, but rather poor data storage and security. Nonetheless, this could be very risky for the users of these apps because anyone could have accessed the data before the researchers did. And dating apps reveal content much more intimate and sensitive than just names and email addresses, like sexually explicit pictures. Hackers would have a field day with such data as it allows them to blackmail, exhort, and psychologically torment victims.

“It’s so difficult to navigate. How much trust are we putting into apps to feel comfortable putting up that sensitive data—STD information, videos,” said Nina Alli, an executive director of the Biohacking Village at Defcon and biomedical security researcher.

There are several online sources that offer Internet privacy and security tips. VPNs, for example, encrypt your data and hide your IP address.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Website Powered by WordPress.com.

Up ↑

%d bloggers like this: