A database misconfiguration leaked the profiles of 1.5 million people registered on several large dating sites all over the world.
1.5 Million Dating Users Exposed
Security experts from the MacKeeper Security Research Center discovered that a MongoDB database owned by C&Z Tech Limited has exposed data from its contents. The New Zealand company operates several popular dating sites including haveafling.co.nz, haveafling.mobi, haveanaffair.mobi and hookupdating.mobi and their relevant mobile applications.
The exposed database contained the login details of over 1.5 million users with their complete credentials in plaintext form – username and password combinations as well as personal information. This includes the date of birth, weight, race, height, gender, IP addresses, country of origin and other profile information.
MacKeeper has notified the operator about the issue. They responded with an email claiming that the data contained only test data. According to C&Z Tech Limited, this was done in a migration process from SQL to MongoDB. However, the details of the exposed data indicate that it is much more than sample test information. A careful analysis of some of the accounts shows that this is real user data.
The security experts advise all users of these dating sites to change their passwords to protect themselves from abuse from malicious users who might use their credentials. The other security problem is that the company did not invalidate the compromised passwords or notified the users about the data leak.