Skip to Content
Security & privacy

Dating apps expose millions of sensitive records

If you’re using or planning to use a dating app, think again. The security of your personal information could be compromised.

A researcher discovered that a non-password protected database has exposed 42.5 million records of people using various dating apps in the U.S.

The database is in the U.S., but the researcher found indications that it might be owned by someone in China. He said he also found it suspicious that the app developers had gone to “great lengths to hide their identity or contact details.”

Targeted apps and concealed identities

Security researcher Jeremiah Fowler discovered the database. In a blog post, he identified the targeted dating sites as Cougardating, Christiansfinder, Mingler, and Fwbs (Friends with benefits).

It struck Fowler as odd that all the apps were on the same database even though they claimed to be separate sites created by different companies or individuals.

Komando.com attempted to contact the affected sites. An email to Christiansfinder bounced back.

For Cougardating, Mingler, and Fwbs, contact information is supposed to be available only when the app is downloaded onto your device. With Mingler, which is only available on iPhone, Komando.com found that a dating profile had to be set up first before even being allowed to view the site.

Fowler wrote that in his search to find out who owned the database, he found only one domain registration with an address and phone number. The address was Line 1, Lanzhou — a subway line in Lanzhou, China. When he called the phone number, he was greeted with a message saying the phone was powered off.

“I am not saying or implying that these applications or the developers behind them have any nefarious intent or functions, but any developer that goes to such lengths to hide their identity or contact details raises my suspicions,” Fowler wrote. “Call me old fashioned, but I remain skeptical of apps that are registered from a metro station in China or anywhere else.”

 

Related: More apps are sending your personal data to Facebook without your permission

 

What type of information was exposed?

Luckily, the database does not contain billing information but it does contain the user’s IP address, age, location, and user name. Many people used the same user name on several dating sites.

“Just like a good password, many people use it again and again across multiple platforms and services,” Fowler wrote. “This makes it extremely easy for someone to find and identify you with very little information.”

More troubling for users who think they are anonymous on the site is the identifiable data could make information about sexual preferences, lifestyle choices or infidelity open to the public.

As of this writing, the database remains publicly accessible.

Komando Community background

Join the Komando Community!

Get even more digital know-how and entertainment with the ad-free Komando Community! Watch or listen to The Kim Komando Show on your schedule, read Kim's eBooks for free, and get answers in the Tech Forum.

Join Now