A hacker has anonymously reported to vpnMentor a massive data leak affecting users of more than 70 adult dating and e-commerce websites. Mailfire, an email marketing tool used by all of these websites, is responsible for the leak.
The hacker discovered an unsecured Elasticsearch server that was leaking the data of dating site users. Hundreds of thousands of users are affected by the breach, which was discovered on August 31.
The database was taken offline on September 3rd after a notification from vpnMentor.
Size of the leak
The unsecured server held 882.1 GB of data, with more than 320 million suspected data records. The data was exposed in the form of push notifications: the leaking server held a log of push notifications.
Push notifications are real-time messages that a website sends to users who have agreed to receive them.
According to vpnMentor, 66 million individual notifications were sent in a time span of 96 hours. The unprotected server is expected to be a victim of the ongoing “meow” cyberattack campaign.
Each of the 66 million notifications contains personally identifiable information (PII) of users of the 70+ websites that were using Mailfire's services.
Leaked Sensitive Information
The leaked data contains full names, age, date of birth, gender, location of senders, email addresses, IP addresses, and other profile-related information such as profile picture and description.
With the authentication token leaked, any profile can be opened easily without a password. After opening a profile, a potential attacker can see the user’s private messages and interests.
The leak affects users from more than 100 countries, including the USA, Afghanistan, France, Canada, Australia, Germany, Hong Kong, and Japan.
The leaking server has log reports from adult dating websites such as Victoria Brides, WetHunt, Cum2Date, Asian Melodies, Julia Dates, Asia Charm, and Betterme.
If you are a user of any of these websites, you are advised to contact them to learn what actions they have taken to protect your data. It is also suggested that you not enter private information on such dating sites.