As many as 42.5 million records of users of different dating apps were found in a single Chinese database that doesn’t have a password protection, a security researcher has said. Jeremiah Fowler on May 25 discovered a non-password protected Elastic database that was clearly associated with dating apps based on the names of the folders. Also Read - SpiceJet data breach affects 1.2 million passengers: Report
“The IP address is located on a US server and a majority of the users appear to be Americans based on their user IP and geo-locations. I also noticed Chinese text inside the database,” Fowler wrote in Security Discovery on Tuesday. Also Read - Facebook data leak exposes over 267 million users
The security researcher believed the database’s owner was also Chinese. “Upon further investigation, I was able to identify dating apps available online with the same names as those in the database. What really struck me as odd was that despite all of them using the same database, they claim to be developed by separate companies or individuals that do not seem to match up with each other,” Fowler added. Also Read - Airtel App flaw exposes user data of more than 32 crore subscribers
The database, however, did not include financial information. According to the CyberScoop, Fowler wasn’t implicating the developers behind the apps of doing anything nefarious, the fact that they’d gone to such lengths to conceal their identities was inherently suspicious.