Misconfigured Amazon server leaks 1 million user profiles and sensitive information from 5 dating Apps


Misconfigured Amazon AWS buckets leak sensitive data of CatholicSingles.com, YESTIKI.com, Blurry, SPYKX.com and Charincharin.net dating App users

We have been reporting how misconfigured Amazon AWS buckets leak confidential information stored on these servers. We previously reported how a similar misconfiguration exposed 845GB of raunchy data, including images, videos and love chat messages. Now security researchers at WizCase have discovered 5 separate data leaks of personal information belonging to dating app users in the US, Japan, and South Korea.

The mistake is the same Amazon AWS bucket misconfiguration. The data from 5 very popular dating apps was easily accessed due to misconfigured and unsecured servers. The leak contains confidential user information such as personally identifiable information (PII) and other sensitive data. The five apps affected by the data breach are:

• CatholicSingles.com – The misconfiguration leaked a 17MB database, exposing 50,000 records of US customers, including real names, email addresses, billing addresses, phone numbers, age, gender, occupation, education, payment methods, and activity levels. While many profiles were banned or canceled, the most recent login activity dates back to 2019, and analysts speculate these users could still be active on the platform.

• YESTIKI.com – This US-based dating app was found leaking 352MB of data, exposing the names, phone numbers, GPS location, user ratings, activity logs, and Foursquare secret key IDs of 4,300 users.

• Blurry (dating app hosted by hyperitycorp.com) – Approximately 70,000 records were exposed by the South Korean app. The 367MB database contained private chat messages that included personally identifiable information such as Instagram user names and WhatsApp phone numbers.

• SPYKX.com (Congdaq/Kongdak app) – A 600MB leak from the South Korean dating app exposed the personal information of 123,000 users, including emails, phone numbers, clear-text passwords, and GPS data.

• Charin and Kyuun – Two Japanese dating apps exposed the largest unsecured database. The 57GB database exposed more than 1 million user records, including email addresses and clear-text passwords, user IDs, mobile device information, and search preferences such as distance and age.

The leaked data could soon appear on imageboard websites like 4chan or on Dark Web hacking forums. The immediate concern is that hackers and cybercriminals may use this data to extort and stalk the dating app users, which normally happens when data from adult websites gets leaked. There is also a chance of identity theft.

If you are a user of any of the apps listed above, it would be a good strategy to stop using them and delete all your images, videos, chats, and your profile from the app.

