Security News > 2020 > September > Cloud Leak Exposes 320M Dating-Site Records

Users of 70 different adult dating and e-commerce websites have had their personal information exposed, thanks to a misconfigured, publicly accessible Elasticsearch cloud server.

The data kept on the server was connected to a notification tool used by Mailfire's clients to market to their website users and, in the case of dating sites, notify website users of new messages from potential matches.

Interestingly, some of the impacted sites are scam sites, the company found, "Set up to trick men looking for dates with women in various parts of the world." The majority of the impacted sites are however legitimate, including a dating site for meeting Asian women; a premium international dating site targeting an older demographic; one for people who want to date Colombians; and other "Niche" dating destinations.

Perhaps more alarming, the leak also exposed conversations between users on the dating sites as well as email content.

"At the beginning of our investigation, the server's database was storing 882.1 GB of data from the previous four days, containing over 320 million records for 66 million individual notifications sent in just 96 hours," according to a Monday blog posting.

News URL

https://threatpost.com/cloud-leak-320m-dating-site-records/159225/