Dating sites are the best platforms for cyber criminals to steal data but why hack when data itself is available for the public.
The Security Research Center at MackKeeper discovered an unprotected and poorly configured database of New Zealand-based company C&Z Tech Limited. They run cheating and dating websites such as ”haveafling.mobi, haveafling.
It is unclear how the database was leaked online but the data stored in the leaked database is highly sensitive as it contains personal details of 1.5 million registered users. This includes usernames, date of birth, gender, weight and height details, race, country, IP address and most importantly plain text passwords.
Must Read: Hackers Leak 36 million+ MongoDB Accounts
The incident reminds us of massive data breaches that affected cheating sites like AdultFriendFinder, Ashley
Mac Keeper did notify the company but their reply was rather typical, simply claiming that the database was only out for few hours.
“Thanks for letting us know, the MongoDB database was only live for a few hours as we were testing migrating data from SQL to MongoDB, so most of them were just dummy data with randomly generated emails and passwords, and not our live database, we shut down the database about an hour ago, and there’re no data breach, only you guys had detected it.”
This is not the first time when a database containing such a massive private data has been found on the Internet for public access. In fact, In December last year a researcher from MacKeeper found 191 million US voter registration records due to a major security misconfiguration. The same team also found 3.3 Million Hello Kitty’s accounts, 13 Million MacKeeper accounts and Mexico’s entire voter database of 93.4 million voters due to a misconfiguration in the server.
Related: Hacker Selling Quarter Million State of Louisiana Drivers’ License Database
If you have an account on such dating sites remember to use different passwords for every website you login to.