A group of dating websites exposed 2.5 million records including explicit images, audios, chats, and payment receipts of users. According to researchers, hundreds of thousands of users were affected as a result of poorly stored data.
The data was from nine dating sites that mainly cater to sexual activity, the sites include Xpal, BBW Dating, Cougary, Gay Daddy Bear, 3somes, Casualx, Herpes Dating, GHunt, and SugarD.
All these websites appear to be similar to one another and upon tracing were discovered to come from the same developer. Researchers Noam Rotem and Ran Locar say that the data got leaked in a misconfigured data storage resource. While this may not have happened on purpose, it could have handed hackers an easy way to do a major data breach. Data breaches usually contain email addresses and passwords that can do enough damage, but when data leaks from such sites it can easily lead to online abuse, doxing, and extortion. One of the apps, Herpes Dating, even stores information about the user's health.
“We were amazed by the size and how sensitive the data was. The risk of doxing that exists with this kind of thing is very real - extortion, psychological abuse,” said Locar.
When users share personal images and texts over an app they don't expect anyone to see it other than the one they are sending it to. And while developers have fixed the mess, no one knows if unauthorized parties grabbed the data during the time it remained exposed.
Since passwords remained unaffected, changing yours if you use those apps won't make much of a difference now. But updating it with something strong and unique is always a good idea.