Jeremiah Fowler writes:
Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to vpnMentor about a non-password protected database that contained approximately 2.3 million records. Upon further investigation, it became clear that these records were associated with multiple dating applications contained in a single database.
A majority of the records referred to an application called 419 Dating – Chat & Flirt. However, inside the database, I also saw information related to other dating apps called Meet You – Local Dating App by Enjoy Social App, and Speed Dating App For American by MyCircle Network Corp. The presence of what appeared to be logos and development files pertaining to these apps in the same database may be suggestive of the likelihood that all three dating apps are owned or developed by the same company using different names. There were also documents related to a couple of location-tracking applications found in the database, though we can’t assure they are related in any way to 419 Dating due to the lack of information available online that the companies are connected. According to multiple listings of software download sites, 419 Dating – Chat & Flirt is developed by a Chinese company called SILING APP (also visible in the web archive). I immediately sent a responsible disclosure notice and although the database was quickly secured no one ever replied. The app used to be available on the Google Play Store but was removed shortly after my notification. However, the app is still available on many other websites. Per its own advertisement campaign, the 419 Dating app claims to have 50 million users worldwide.
The database appears to contain a massive number of user records that include customer names, account numbers, emails, passwords, and more. In total, the database contained more than 600 compressed server logs.
Read more at vpnMentor.