Large data breach at Popular Hookup app is leaking data about millions of users – see if you are safe
- Advertisement -
Related Posts
- Advertisement -
- Cybernews found an unspicked Mongodb copy that belonged to headers
- The database contained millions of records and PII
- It has been locked up since then, but users still have to be wary
Security researchers from Cybernews have reported that they have discovered a huge Mongodb copy that belonged to a dating and connection -app called headero.
The database contained more than 350,000 user records, more than three million chat records and more than a million chat room records.
Under the exposed data are names, e -mail addresses, social login -id -IDs, JWT -Tokens, profile photos, device tokens, sexual preferences, STD status and -extra carefully -Exact GPS locations.
No proof of abuse
Cybernews Handled to the developers of the app, a company -based company called Thotexperiment, which immediately locked the database. The company told the researchers that it was a test database, but the analysis of Cybernews indicates that it could have been real user data instead.
Unfortunately we do not know how long the database has remained open, and whether there have been any threat actors in the past. So far there is no evidence of abuse in the wild.
Human error that leads to exposed databases remains one of the most common causes of data breaches and breaches of security.
Researchers constantly scan internet with specialized search engines and find huge non-by-password-protected databases almost daily.
These leaks can jeopardize people because cyber criminals can use the information to adjust very convincing phishing attacks, so that they can use malwareSteal sensitive files and even commit wire fraud.
Main users are advised to be extra vigilant when receiving unsolicited messages, both via e -mail and via social platforms.
They also have to be careful not to download files or click on the left in such messages, especially if the messages have a sense of urgency with them. If they use the same password over multiple services, they have to change them and, where possible, delete sessions / withdrawal in apps.
Maybe you like it too
- Advertisement -
