Major data breach at popular hookup app leaks data on millions of users – see if you’re safe


- Cybernews found an unsecured MongoDB instance belonging to Headero
- The database contained millions of records and PII
- It has since been locked down, but users should still be on their guard
Security researchers from Cybernews have reported uncovering a massive MongoDB instance belonging to a dating and hookup app called Headero.
The database contained more than 350,000 user records, more than three million chat records, and more than a million chat room records.
Among the exposed data are names, email addresses, social login IDs, JWT tokens, profile pictures, device tokens, sexual preferences, STD status, and – extra worryingly – exact GPS locations.
No evidence of abuse
Cybernews reached out to the app’s developers, a US-based company named ThotExperiment, which immediately locked the database down. The company told the researchers that it was a test database, but Cybernews’ analysis indicates that it could have been actual user data instead.
Unfortunately, we don’t know how long the database remained open, or whether any threat actors accessed it in the past. So far, there is no evidence of abuse in the wild.
Human error leading to exposed databases remains one of the most common causes of data leaks and security breaches.
Researchers are constantly scanning the internet with specialized search engines, finding massive non-password-protected databases almost daily.
These leaks can put people at risk, since cybercriminals can use the information to tailor highly convincing phishing attacks, through which they can deploy malware, steal sensitive files, and even commit wire fraud.
Headero users are advised to be extra vigilant when receiving unsolicited messages, both via email and social platforms.
They should also be careful not to download any files or click on any links in such messages, especially if the messages carry a sense of urgency. If they are using the same password across multiple services, they should change it, and clear sessions / revoke tokens in apps, where possible.