A misconfigured Elasticsearch server exposed 882 GB of data amounting to more than 370 million records.
Dating sites have increasingly become a target for malicious actors, likely because the data they hold makes them such lucrative victims.
Against that backdrop, vpnMentor released a report today on a data leak affecting more than 70 websites, most of them dating sites, along with a number of e-commerce sites.
All of these sites used the same email marketing company, Mailfire, whose Elasticsearch server was found reachable over the internet with no authentication of any kind, not even a password.
In effect, it was open to anyone who found it, and it held 882.1 GB of data amounting to more than 370 million records. When Mailfire was contacted, it acknowledged the researchers' findings and acted to secure the server immediately.
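The check a practitioner would want after reading this is whether any Elasticsearch node of their own answers anonymous requests the way Mailfire's did. The script below is an added example written for this article; it is not code from vpnMentor's report or from Mailfire. An unsecured node answers `GET /` with its banner (cluster name, version) and `GET /_cat/indices?format=json` with a full list of indices and document counts, while a node with security enabled answers `401`. The hostname, cluster name and index figures in the constructed sample responses are assumptions for illustration only.

```python
"""Probe an Elasticsearch HTTP endpoint for anonymous (unauthenticated) access.

Added example, not code from the vpnMentor report or from Mailfire.
Sample responses below are constructed; the host in __main__ is an assumption.
"""
import json
import urllib.error
import urllib.request
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class ProbeResult:
    # "open": node answers anonymously; "auth_required": node demands credentials;
    # "not_elasticsearch": something else is listening; "unreachable": no connection.
    status: str
    cluster_name: Optional[str] = None
    indices: Optional[List[Tuple[str, int, str]]] = None


def classify_root(status_code: int, body: bytes) -> ProbeResult:
    """Decide from the response to GET / whether the node is exposed."""
    if status_code == 401:
        return ProbeResult("auth_required")
    if status_code != 200:
        return ProbeResult("not_elasticsearch")
    try:
        doc = json.loads(body)
    except ValueError:
        return ProbeResult("not_elasticsearch")
    # An Elasticsearch node with no security answers "/" with its banner document,
    # which always carries cluster_name and a version object.
    if isinstance(doc, dict) and "cluster_name" in doc and isinstance(doc.get("version"), dict):
        return ProbeResult("open", cluster_name=doc["cluster_name"])
    return ProbeResult("not_elasticsearch")


def index_inventory(body: bytes) -> List[Tuple[str, int, str]]:
    """Parse GET /_cat/indices?format=json into (index, doc count, store size)."""
    rows = json.loads(body)
    return [(r.get("index"), int(r.get("docs.count") or 0), r.get("store.size")) for r in rows]


def _fetch(url: str, timeout: float) -> Tuple[int, bytes]:
    """GET url and return (status, body); HTTP errors are returned, not raised."""
    req = urllib.request.Request(url, headers={"Accept": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.read()


def probe(base_url: str, timeout: float = 5.0) -> ProbeResult:
    """Probe one node; if it is open, also pull the index inventory an attacker would see."""
    base = base_url.rstrip("/")
    try:
        status, body = _fetch(base + "/", timeout)
    except (urllib.error.URLError, OSError):
        return ProbeResult("unreachable")
    result = classify_root(status, body)
    if result.status == "open":
        try:
            status2, body2 = _fetch(base + "/_cat/indices?format=json", timeout)
            if status2 == 200:
                result.indices = index_inventory(body2)
        except (urllib.error.URLError, OSError, ValueError):
            pass
    return result


# Constructed sample responses, shaped like what a real node returns (values are made up).
SAMPLE_OPEN_ROOT = json.dumps({
    "name": "node-1",
    "cluster_name": "mail-notify",
    "version": {"number": "7.9.1"},
    "tagline": "You Know, for Search",
}).encode()
SAMPLE_INDICES = json.dumps([
    {"index": "notifications", "docs.count": "12345", "store.size": "4.2gb"},
]).encode()

if __name__ == "__main__":
    # Assumed host for illustration; point this at your own nodes.
    for host in ["http://127.0.0.1:9200"]:
        r = probe(host)
        print(host, r.status, r.cluster_name or "")
        for name, count, size in r.indices or []:
            print(f"  {name}: {count} docs, {size}")
```

Run it against every Elasticsearch host you own from a network position outside the cluster; any result of `open` means the data behind that node is readable by anyone who can reach the port, exactly the condition described above.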
The incident should not come as a surprise since Elasticsearch servers have a long history of exposing data online. Furthermore, misconfigured databases have exposed billions of sensitive records in the last couple of years.
In fact, the situation is so critical that according to a new poll, database configuration errors are the number one threat to cloud security.
The server was used by Mailfire's client sites to send their own users notifications of private messages.
It therefore held a great deal of confidential data: full names, email addresses, IP addresses, profile pictures and descriptions, gender, age, date of birth, and the actual contents of conversations, from users in over 100 countries.
The consequences of such a breach are obvious. Because the leaked data is personally identifiable information (PII), anyone who accessed it could use it to blackmail users (the exposed private messages make this especially likely), run phishing and spam campaigns, and mount other social engineering attacks.
But this is not all. As the researchers point out, this could also be used as competitor intelligence with other companies “micro-targeting people via their PII data for highly effective marketing campaigns”.
The researchers also released a video showing in detail what was exposed.
All of the affected websites should now inform their users immediately and ask them to change their login credentials to secure their accounts.
Users also need to be warned to watch for phishing emails, since the leaked names, email addresses and message contents make convincing lures easy to craft.
One small consolation is that many of the user accounts on these sites were found to be fake.
Moreover, many of the sites themselves appeared to be shady operations set up to lure in unsuspecting users, so not everyone affected was necessarily a legitimate user of the system, if that helps.