If you’re using or planning to use a dating app, think again. The security of your personal information could be compromised.
A researcher discovered that a database with no password protection has exposed 42.5 million records of people using various dating apps in the U.S.
The database is in the U.S., but the researcher found indications that it might be owned by someone in China. He said he also found it suspicious that the app developers had gone to “great lengths to hide their identity or contact details.”
Targeted apps and concealed identities
Security researcher Jeremiah Fowler discovered the database. In a blog post, he identified the targeted dating sites as Cougardating, Christiansfinder, Mingler, and Fwbs (Friends with benefits).
It struck Fowler as odd that all the apps were on the same database even though they claimed to be separate sites created by different companies or individuals.
Komando.com attempted to contact the affected sites. An email to Christiansfinder bounced back.
For Cougardating, Mingler, and Fwbs, contact information is supposed to be available only when the app is downloaded onto your device. With Mingler, which is only available on iPhone, Komando.com found that a dating profile had to be set up before a user was even allowed to view the site.
Fowler wrote that in his search to find out who owned the database, he found only one domain registration with an address and phone number. The address was Line 1, Lanzhou — a subway line in Lanzhou, China. When he called the phone number, he was greeted with a message saying the phone was powered off.
“I am not saying or implying that these applications or the developers behind them have any nefarious intent or functions, but any developer that goes to such lengths to hide their identity or contact details raises my suspicions,” Fowler wrote. “Call me old fashioned, but I remain skeptical of apps that are registered from a metro station in China or anywhere else.”
What type of information was exposed?
Luckily, the database does not contain billing information, but it does contain the user’s IP address, age, location, and user name. Many people used the same user name on several dating sites.
“Just like a good password, many people use it again and again across multiple platforms and services,” Fowler wrote. “This makes it extremely easy for someone to find and identify you with very little information.”
More troubling for users who think they are anonymous on the site is that the identifiable data could expose information about sexual preferences, lifestyle choices or infidelity to the public.
As of this writing, the database remains publicly accessible.