UPDATED 22:08 EST / JUNE 15 2020

SECURITY

Niche dating app user data found exposed on misconfigured cloud instance

The records of hundreds of thousands of users of a range of niche data apps have been exposed online in the latest case of a misconfigured cloud instance.

Discovered by security researchers Noam Rotem and Ran Locar at vpnMentor and published today, the 845 gigabytes of data containing 2.5 million records related to dating apps, including 3somes, Cougary, Gay Daddy Bear, Xpal, BBW Dating, Casualx, SugarD and Herpes Dating.

The data included user profiles, images and photos, voice messages and audio recordings, private chats, financial transactions between messages and other data. Although the database did not include any personally identifiable information, photos with faces were visible along with personal and financial data.

The exposed data was discovered on May 24, with 3somes contacted May 26. The database was taken offline May 27.

The researchers do not identify the company behind the apps, but records on Apple Inc.’s App Store for 3somes indicate the developer is Chang’an Mao,  a name written in simplified Chinese. Chang’an is an ancient capital of China, while Mao, derived from Mao Zedong, is sometimes a slang term used to mean money because Mao appears on all Chinese banknotes.

A Google Play listing for Cougary doesn’t provide a company name but gives a location for the developer as being Wuhouqu in Chengdu, China. Since all of the apps appear to be from the same company, it’s fairly clear that the developer is a mainland Chinese company.

Matt Rose, director of application security strategy at application security testing firm Checkmarx Ltd., told SiliconANGLE that the breach is likely the result of a simple configuration error.

“Given that there is a rapidly-growing list of similar data exposure incidents, it begs the question about the underlying cause,” Rose said. “Is it that security is just not a priority for small development shops, or does the additional cost of security testing make the development efforts too expensive for smaller, niche organizations?”

Rose noted that it’s easy to whip up a mobile or software application but privacy and security are often overlooked. “Always ask yourself, ‘Do I trust my personal information to this unknown entity?'” he advised. “As a general best practice, stay with the most well-known and reputable apps and sites – whether for dating or any other use case – as they will often have a stronger track record of being stable and a more secure software backing.”

Image: Cougary

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU