A recent data breach has exposed the personal details of users on an undisclosed private dating app. The breach occurred when an unprotected Amazon Web Services (AWS) S3 storage bucket belonging to the app was discovered by an independent researcher. The exposed database contained the names, email addresses, and geolocation data of over 260,000 users, as well as 340 gigabytes of pictures and messaging logs. The majority of the affected users were located in the United States and Canada.
The researcher, Jeremiah Fowler, notified the app’s developer, Siling App, immediately after discovering the data last April. The developer secured the database within weeks, but it is unclear how long it had been exposed prior to Fowler’s discovery. Fowler has warned that if the data were accessed by a malicious third party, it could have been cross-referenced to reveal the true identities of the users. He also emphasized the potential risks associated with the exposure of adult content, including extortion attacks and privacy violations.
Following the discovery, the 419 Dating app was removed from the Google Play marketplace and Apple’s App Store, although the Android version is still available on third-party app marketplaces. Development files for other dating apps called Meet You – Local Dating App and Speed Dating App For American were also exposed, but no personal user data from these apps was compromised.
Dan Elead, VP of Data at Laminar, emphasized the importance of data protection for dating apps. While consumers are urged to be cautious when choosing dating apps, Elead believes that app developers need to take responsibility for safeguarding user data. Dating apps typically contain sensitive information such as personally identifiable information (PII), chat histories, and medical statuses. Elead highlighted the need for automated monitoring and control of data to avoid similar data exposures in the future.
The issue of misconfigured cloud storage was also brought up by Aviral Verma, a threat intelligence analyst with Securin. Verma pointed out that misconfigured AWS S3 buckets have been a recurring problem for many companies, leading to data leaks. Limited IT resources and gaps in security measures contribute to these exposures. Verma stressed the importance of conducting routine checks and risk assessments to prevent unauthorized access to sensitive user information.
In a separate incident, the city of Odessa, Texas, has announced an ongoing investigation into a data breach that occurred after the termination of a former city attorney’s employment. The breach involved unauthorized access to an email account belonging to the former city attorney, Natasha Brooks, who was fired last December. It was discovered that the intruder accessed multiple document databases and downloaded approximately 200 documents. The city’s mayor, Javier Joven, has authorized a criminal investigation into the breach.
The breach came to light after Brooks filed a complaint alleging racial discrimination in her termination. She has threatened to take legal action against the city. Another former official’s email account was also accessed, but their identity has not been disclosed. The Odessa Police Department, assisted by the Texas Attorney General’s Office, is leading the investigation into the breach.
In yet another data breach incident, cosmetics giant Estée Lauder Companies Inc. disclosed unauthorized access to some of its systems. The company believes the breach was a result of a ransomware attack and is currently investigating the extent of the compromise. Law enforcement authorities have been alerted, and both the Cl0p and BlackCat ransomware groups have claimed responsibility. Darren Williams, CEO and Founder at BlackFog, emphasized the shift in focus for cybercriminals from encryption to data exfiltration and extortion. He highlighted the need for organizations to adopt anti-data exfiltration technology to protect sensitive data and prevent future attacks.
Erich Kron, security awareness advocate at KnowBe4, highlighted the consequences and costs that a ransomware attack can impose on an organization. Production disruptions and data theft can lead to significant regulatory fines, especially for multinational companies. Kron emphasized the importance of technical security controls and educating employees to identify and report phishing emails, which are often the starting point for such breaches.
Overall, these recent data breaches serve as a reminder of the ongoing threats to user data security. Companies and app developers must prioritize data protection measures, including secure cloud storage configurations and employee training on cybersecurity best practices. As cybercriminals continue to evolve their tactics, organizations need to adapt and implement robust security measures to safeguard user data and prevent potential harm.
