Connect with us

Hi, what are you looking for?

Social Media

Dating app suffers data leak exposing its entire userbase (Includes interview)

Online dating app Heyyo’s server was not password protected and and issue with the server led to the app’s entire userbase being exposed online. The data exposed included the following, according to ZDNet:

Names, Phone numbers, Email addresses, Dates of birth, Gender, Height, Profile pictures and other images, Facebook IDs for users who linked their profiles, Instagram IDs for users who linked their profiles, Longitude and latitude, Who liked a user’s profile, Liked profiles, Disliked profiles, Superliked profiles, Blocked profiles, Dating preferences, Registration and last active date, and Smartphone details.

The unsecured server was discovered by security researchers at WizCase. What is of greatest concern is that the exposed information included user location, meaning that bad actors could leverage this info to stalk impacted users.

Commenting on the data breach to Digital Journal, Eve Maler, vice president of innovation & emerging technology, ForgeRock, says that the type of serve is noteworthy: “Heyyo joins Glynk as another dating app to suffer from a significant data leak due to an exposed Elasticsearch database.”

She also notes the significance of the information: “The leaked user data is more than enough information for hackers to launch spear-phishing or extortion campaigns—where bad actors leverage users’ dating life and habits as blackmail—similar to the Ashley Madison extortion scheme. This instance shows how in addition to cyber threats, there are real-world, physical dangers that can result from security issues.”

In terms of lessons for businesses, Maler says security is key: “Many Elasticsearch database breaches and leaks stem from organizations leaving their servers unprotected with no password. However, with cybercriminals constantly crafting and innovating sophisticated attacks, an organization’s security efforts should not stop there.”

In terms of enhanced security, she recommends: “Online dating services and all other organizations need to take the extra step to safeguard their databases by investing in comprehensive identity and access management tools. By deploying a modern identity and access management (IAM) solution that provides intelligent, contextual and continuous security and has the capability of demanding further identity validation after detecting abnormal behavior, like multifactor authentication (MFA), companies can ensure the safety of their data and maintain the trust of their users.”

Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.

You may also like:

Life

There is no stated power in the US Constitution to regulate human reproduction.

Social Media

The United Nations on Thursday launched a campaign against gender-based violence on the internet, complete with the symbol ⓑ.

World

As the Christmas party season gets underway in Britain, Boris Johnson's government is struggling with mixed messages on Covid-19.

Business

European equities wavered Friday as dealers tracked Omicron news and awaited key US data, while oil prices surged.