Data breach at dating and e-commerce websites: vpnMentor

Personal details of hundreds of thousands of users on over 70 adult dating and some e-commerce websites have been exposed online, security researchers at vpnMentor said on Sunday.
Online shopping items
The cybersecurity research team at vpnMentor, the world’s largest VPN review website, found that the hacked websites were using the same marketing software built by email marketing company Mailfire.

The software had been compromised through an unsecured Elasticsearch server, exposing people all over the world to dangers like identity theft, blackmail and fraud.

Some of the sites exposed in the data leak were scams, set up to trick men looking for dates with women in various parts of the world.

The leaky database that stored more than 882GB of log files was taken offline on September 3 after vpnMentor researchers tracked it down.

Each of the millions of notifications contained valuable and sensitive Personally Identifiable Information (PII) data for people using the affected websites to send and receive messages.

The leaked data revealed included full names, age and date of birth, gender, email addresses, locations of senders, IP addresses, profile pictures uploaded by users and profile bio descriptions.

Aside from the PII data, the leak also exposed conversations happening between users on dating sites affected.

Mailfire acted immediately and secured the server within a few hours. Mailfire assumed full responsibility and insisted that the companies exposed were in no way responsible at all — and research has also confirmed this to be true.

Among the websites affected included a dating site for meeting Asian women, a premium international dating site targeting an older demographic. vpnMentor did not reveal the name of the website. It also appeared that many of the websites shared common owners, vpnMentor said.

At the beginning of our investigation, the server’s database was storing 882.1 GB of data from the previous four days, containing over 370 million records for 66 million individual notifications sent in just 96 hours.

“Tens-of-millions of new records were uploaded to the server via new indices each day we were investigating it,” the vpnMentor research team said.

Anyone who would have found this database would have been able to learn the identities of users who signed up on these dating sites and access their profiles to read private messages or see past connections, reports ZDNet.