Cybersecurity

Dating app data breach potentially affected millions of users, researcher reports

Around 2.3 million records were exposed, researcher Jeremiah Fowler said.
article cover

Dianna "Mick" McDougall; Getty Images/Kumklao Dithasiri, Coneyl Jay

ByEoin Higgins

· less than 3 min read

Top insights for IT pros

From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.

Information from a dating app server was recently exposed, a researcher revealed on July 17, potentially disclosing sensitive information from apps serving upward of 50 million users.

The breach was discovered by Jeremiah Fowler, a cybersecurity researcher. Fowler published his findings with vpnMentor, an online safety site.

The information was primarily on the 419 Dating App - Chat & Flirt app, a subsidiary of Hong Kong company Siling App. The two other dating apps whose information was breached were Meet You - Local Dating App, a subsidiary of Enjoy Social App, and Speed Dating App For American, from MyCircle Network Corp.

Despite the severity of the breach exposing approximately 2.3 million records, Fowler told SC Media it’s unknown whether the data was disseminated to bad actors.

“We have no way of knowing if malicious actors gained access,” Fowler told the outlet, adding, “At this point there is no indication the data has made it to the usual underground markets.”

The data exposed in one database, by the numbers:

  • 2,357,896 records in a 340.6 GB package
  • 959,571 user images, including pictures of faces and NSFW photos
  • In just one server log of the 600 in the database, Fowler saw email addresses including 236,681 from Gmail, 15,703 from Yahoo, and 3,872 from iCloud. “Remember this was only a sampling of one server log out of 600 from the folder db_backup,” Fowler wrote.
  • More than 500 sex workers offering services, including email addresses, phone numbers, and social media profiles

Fowler accessed the database in April 2023. He told SC Media the data was “easily cross referenceable,” potentially allowing hostile actors to connect photos and contact information. The sensitive content of the databases makes the exposure that much more dangerous, Fowler said.

“The volumes of adult content exposed raise serious risks,” Fowler said. “In the wrong hands this data could open a user to extortion attacks, social engineering scams and harmful privacy violations.”

Days after Fowler notified Siling App of the breach through a disclosure notice, the database was secured. The company never replied to the disclosure.

Top insights for IT pros

From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.