User data of thousands of adult dating site users leaked globally
This 882.1GB of leaked data included notifications contents, private messages, email content, PII data, authentication tokens and links of users from over 100 countries.
Personal data of more than thousands of users of adult dating sites and e-commerce websites have been leaked by a hacker According to the report in vpnMentor, 70 websites were breached and all of them used the same marketing software that has been built by an email marketing company called Mailfire.
The breach occurred through an unsecured Elasticsearch server that can make users vulnerable to fraud, identity theft, phishing scams, blackmail and extortion and website account takeover
About 882.1GB in size, the leaked data included notification contents, PII data, private messages, authentication tokens and links and email content. The PII data revealed included the full names of users, age, date of birth, email addresses, location, IP addresses, profile pictures and profile bio descriptions.
According to the vpnMentor report, the data leak was discovered on August 31 and the vendors were contacted on September 3. Mailfire responded to this instantly and secured their servers. The clients were informed the following day.
Mailfire has also taken full responsibility for the malfunction and has stated that the companies that have been affected are not responsible or involved in the breach in any capacity.
vpnMentor's investigation revealed that the 882.1GB of data that was leaked contained over 370 million records for 66 million individual notifications sent over 96 hours.
Users from over 100 countries have been affected by this breach including those from Afghanistan, Australia, Belgium, Canada, Estonia, France, Germany, Hong Kong, Israel, Japan, Kenya, New Zealand, Portugal, Qatar, Russia, Singapore, UK and the USA.
vpnMentor discovered through their investigations that many of the companies that owned websites they found on the server were “based in notoriously secretive ‘offshore' locations, such as the British Virgin Islands, Gibraltar, and Nevada, USA”. These particular sites were also appeared to have fake accounts, shady sign-up practices, chatbots etc.
“Based on the findings outlined above, we believe that some of the websites exposed in this data leak were set up primarily to scam men through catfishing and other forms of fraud,” wrote vpnMentor in its report.