Amidst the “cold war” between the US and China comes this odd report. Allegedly, some Chinese dating apps aimed specifically at US citizens have leaked a huge number of records online. The exposed data, 42.5 million records in total, mostly contained details of US citizens, followed by users from other regions.
Chinese Dating Apps Data Exposed
Reportedly, researcher Jeremiah Fowler of Security Discovery stumbled upon an unsecured database exposing a huge number of records. The publicly accessible database contained data belonging to some Chinese dating apps aimed at US citizens.
Elaborating on his findings in his blog post, Fowler stated that he found the unprotected Elastic database on May 25, 2019. The database contained various folders named after different dating apps, each of which claims to have a distinct developer. As he stated,
What really struck me as odd was that despite all of them using the same database, they claim to be developed by separate companies or individuals that do not seem to match up with each other.
Fowler noticed that the majority of the exposed records belonged to US citizens, though the database also held information about people from other regions. According to Jeff Stone,
A sampling of 10,000 users revealed that 8,063 were from the U.S., 356 were from the U.K., 219 from Canada and 151 from Australia and other random English-speaking countries, Jeremiah Fowler, who found the database, told me today.
— Jeff Stone (@jeffstone500) May 29, 2019
The apps cited in the database do exist online. Each has a different focus to attract more users. They include Cougardating, Mingler, Fwbs, Christiansfinder, and TS (which Fowler assumes is a transsexual dating app).
Regarding the kind of information exposed, Fowler explained that it contained details about lifestyle choices, sexual preferences, or infidelity. However, it did not expose any PII or billing information. Specifically, the leaked details included usernames, IP addresses, age, and location, which may still be troublesome.
Leaky Database Remained Open…
Allegedly, the suspicious apps shared no legitimate contact information publicly. One of these sites even had fake data in its Whois registration. The researcher could neither validate these details nor contact the developers. As explained,
The address that was listed there was Line 1, Lanzhou and when trying to validate the address I discovered that Line 1 is a Metro station and is a subway line in Lanzhou. The phone number is basically all 9’s and when I called there was a message that the phone was powered off.
Still, he twice attempted to send alerts to the given email addresses. After those attempts failed, he publicly disclosed the matter to raise awareness and in the hope that the developers would notice. The leaky database remained open until the disclosure of Fowler’s report.
We have published this article to raise awareness to the users of these apps who may be affected and hope to make the developers aware of the data exposure.
Let’s see whether the database goes offline anytime soon.