This month, WizCase researchers discovered 5 separate data leaks of personal information belonging to dating app users in the US, Japan and South Korea.
The data, which was easily accessible due to misconfigured and unsecured servers, included personally identifiable information (PII) and other sensitive data:
• CatholicSingles.com – a 17MB database exposed 50,000 records of US customers, including real names, email addresses, billing addresses, phone numbers, age, gender, occupation, education, payment methods, and activity levels. While many profiles were banned or cancelled, the most recent login activity dates back to 2019, and analysts speculate these users could still be active on the platform.
• SPYKX.com (Congdaq/Kongdak app) – a 600MB leak of the South Korean dating app exposed the personal information of 123,000 users, including emails, phone numbers, clear-text passwords and GPS data.
• YESTIKI.com – The US-based dating app was found leaking 352MB of data, exposing the names, phone numbers, GPS location, user ratings, activity logs, and Foursquare secret key IDs of 4,300 users.
• Blurry (dating app hosted by hyperitycorp.com) – Approximately 70,000 records were exposed by the South Korean app. The database of 367MB contained private chat messages that included personally identifiable information such as Instagram user names and WhatsApp phone numbers.
• Charin and Kyuun – two Japanese dating apps exposed the largest unsecured database. At 57GB, it exposed more than 1 million user records, including email addresses and clear-text passwords, user IDs, mobile device information, and search preferences such as distance and age.
As with any data breach that could leak complete PII, the consequences are greatly amplified for victims. If cyber-criminals get their hands on the user’s full name, address and date of birth, it becomes easy for them to steal their identity.
Moreover, users are vulnerable to phishing and phone scams that can ultimately be used to steal financial data or harass friends and family members. Using the leaked data, bad actors could also attempt to extort victims, threatening to expose the user’s private information and activity on the dating apps.
It’s crucial for anybody active on these dating apps to immediately change their password, and review any personal information that was made available. Victims should also pay close attention to any unsolicited emails, and install a local security solution on their devices.