Dating site users around the world have been warned to check their security settings after a serious database breach left hundreds of thousands of accounts at risk.
The violation was caused by an Elasticsearch server that was found to have lost user data online without a password. This means that criminals may have gained access to a database of users who have signed up for online dating and e-commerce websites.
The database, which contained details from over 70 websites, went offline after almost a week, meaning it could potentially affect hundreds of thousands of users.
The leak was reported by researchers at vpnMentor, who were made aware of the breach following an anonymous tip-off from an anonymous ethical hacker.
This hacker had discovered a bug in the software of the email marketing company Mailfire that was being used by all the affected websites and opened millions of records including full names, age and date of birth, email address and IP addresses.
The database was estimated at 882.1
“Further investigation revealed that some of the websites uncovered in the data breach were scams designed to deceive men looking to meet women in different parts of the world,” noted vpnMentor.
The data leak came from an unsecured Mailfire Elasticsearch server. This server was connected to a notification tool that the company’s customers use to send marketing assets to website users, including notification of private chat messages.
vpnMentor contacted Mailfire after the leak, with the company acting immediately to secure the server and take full responsibility for the breach.
This isn’t the first time dating sites have been accused of losing user data online. Back in March, OKCupid was discovered to be losing user information online without their knowledge after researchers discovered it was possible to get the last location ID of any OKCupid user, which anyone can potentially use to determine where a user is at logged into the site and may reveal their home or work address.
In June, nearly 2.5 million records were released from niche dating websites, including explicit images, audio recordings, chat screenshots, and transaction information.
- Protect your online surfing with our list of the best VPN services out there