Cybersecurity researcher Jeremiah Fowler discovered a non-password-protected database that contained approximately 2.3 million records associated with multiple dating applications contained in a single database.

A majority of the records referred to an application called 419 Dating – Chat & Flirt. However, inside the database, Fowler also saw information related to other dating apps called Meet You – Local Dating App by Enjoy Social App, and Speed Dating App For American by MyCircle Network Corp.

According to multiple listings of software download sites, 419 Dating – Chat & Flirt is developed by a Chinese company called SILING APP (also visible in the web archive).

The database appears to contain a massive number of user records that include customer names, account numbers, emails, passwords, and more. In total, the database contained more than 600 compressed server logs.

Buy Me a Coffee

When Fowler reviewed a single server log, he saw a massive amount of email addresses. Considering this was a limited sample, it is possible that the rest of the files contain many more emails. Should this information fall into the wrong hands, all these users could potentially be subjected to spam, phishing attacks, or other malware infections.

This screenshot from the Google Play Store shows what the user interface of the app looked like when it was available there.

What the database contained:

  • Total number of records: 2,357,896 with a total size of 340.6 GB
  • 959,571 images of users. Some of these images were NSFW (not safe for work) and contained sexually explicit images.
  • A single backup log contained 236,681 Gmail addresses, 15,703 Yahoo Mail accounts, 3,872 iCloud addresses, as well as many other addresses from various email providers.
  • The database also contained exposed Software Development Kit (SDK) files, which are packages or collections of software tools, libraries, documentation, and resources that developers use to create software applications for a specific platform or framework. This could lead to the creation of applications with hidden malicious functionalities or vulnerabilities.

According to the documentation of the 419 Dating app on the Google Play Store, this app requests access to the device’s storage. This means that, when you install it on your phone, the app can potentially read, modify, or delete your photos, media, files, device ID, call information, and anything else that you have stored on your device. The user agrees to allow the app to receive data from the Internet, get full network access, prevent devices from sleeping, view network connections, and change audio settings.

READ
Phemex Crypto Exchange Hit by $85 Million Security Breach