NRI Dunia
Think Outside The Box

Personal details of 70 adult websites users exposed online

Personal details of hundreds of thousands of users on over 70 adult dating and some e-commerce websites worldwide have been exposed online, security researchers said on Sunday.

The cybersecurity research team at vpnMentor which is world’s largest VPN review website found that the hacked websites were using the “same marketing software built by email marketing company Mailfire”.

“The software in question had been compromised through an unsecured Elasticsearch server, exposing people all over the world to dangers like identity theft, blackmail and fraud,” the report mentioned.

Upon further investigation, it turned out that some of the sites exposed in the data leak were scams, set up to trick men looking for dates with women in various parts of the world.

The leaky database that stored more than 882GB of log files was taken offline on September 3 after vpnMentor researchers tracked it down.

Each of the millions of notifications contained valuable and sensitive Personally Identifiable Information (PII) data for people using the affected websites to send and receive messages.

The leaked data revealed included full names, age and date of birth, gender, email addresses, locations of senders, IP addresses, profile pictures uploaded by users and profile bio descriptions.

Aside from the PII data, the leak also exposed conversations happening between users on dating sites affected.

“Mailfire acted immediately and secured the server within a few hours. Mailfire assumed full responsibility and insisted that the companies exposed were in no way responsible at all— and our research has also confirmed this to be true,” the report said.

Among the websites affected included a dating site for meeting Asian women, a premium international dating site targeting an older demographic.

It also appeared that many of the websites shared common owners.