UPDATED 22:08 EDT / JUNE 15 2020

SECURITY

Niche dating app user data found exposed on misconfigured cloud instance

The records of hundreds of thousands of users of a range of niche dating apps have been exposed online in the latest case of a misconfigured cloud instance.

Discovered by security researchers Noam Rotem and Ran Locar at vpnMentor and published today, the 845 gigabytes of data contained 2.5 million records related to dating apps, including 3somes, Cougary, Gay Daddy Bear, Xpal, BBW Dating, Casualx, SugarD and Herpes Dating.

The data included user profiles, images and photos, voice messages and audio recordings, private chats, financial transactions between messages and other data. Although the database did not include any personally identifiable information, photos with faces were visible along with personal and financial data.

The exposed data was discovered on May 24, with 3somes contacted May 26. The database was taken offline May 27.

The researchers do not identify the company behind the apps, but records on Apple Inc.’s App Store for 3somes indicate the developer is Chang’an Mao, a name written in simplified Chinese. Chang’an is an ancient capital of China, while Mao, derived from Mao Zedong, is sometimes a slang term used to mean money because Mao appears on all Chinese banknotes.

A Google Play listing for Cougary doesn’t provide a company name but gives a location for the developer as being Wuhouqu in Chengdu, China. Since all of the apps appear to be from the same company, it’s fairly clear that the developer is a mainland Chinese company.

Matt Rose, director of application security strategy at application security testing firm Checkmarx Ltd., told SiliconANGLE that the breach is likely the result of a simple configuration error.

“Given that there is a rapidly-growing list of similar data exposure incidents, it begs the question about the underlying cause,” Rose said. “Is it that security is just not a priority for small development shops, or does the additional cost of security testing make the development efforts too expensive for smaller, niche organizations?”

Rose noted that it’s easy to whip up a mobile or software application but privacy and security are often overlooked. “Always ask yourself, ‘Do I trust my personal information to this unknown entity?’” he advised. “As a general best practice, stay with the most well-known and reputable apps and sites – whether for dating or any other use case – as they will often have a stronger track record of being stable and a more secure software backing.”

Image: Cougary
