Personal details of thousands of users on adult websites have been exposed online. According to security researchers, details of users on more than 70 adult dating and some e-commerce websites from across the world have been exposed. The websites that have been hacked were using the same marketing software built by email marketing company Mailfire, the cybersecurity research team at vpnMentor - world's largest VPN review website, said.
"The software in question had been compromised through an unsecured Elasticsearch server, exposing people all over the world to dangers like identity theft, blackmail and fraud," the report mentioned.
Upon further investigation, it turned out that some of the sites exposed in the data leak were scams, set up to trick men looking for dates with women in various parts of the world.
The leaky database that stored more than 882GB of log files was taken offline on September 3 after vpnMentor researchers tracked it down.
Each of the millions of notifications contained valuable and sensitive Personally Identifiable Information (PII) data for people using the affected websites to send and receive messages.
The leaked data revealed included full names, age and date of birth, gender, email addresses, locations of senders, IP addresses, profile pictures uploaded by users and profile bio descriptions.
Aside from the PII data, the leak also exposed conversations happening between users on dating sites affected.
"Mailfire acted immediately and secured the server within a few hours. Mailfire assumed full responsibility and insisted that the companies exposed were in no way responsible at all — and our research has also confirmed this to be true," the report said.
Among the websites affected included a dating site for meeting Asian women, a premium international dating site targeting an older demographic.
It also appeared that many of the websites shared common owners.
"At the beginning of our investigation, the server's database was storing 882.1 GB of data from the previous four days, containing over 370 million records for 66 million individual notifications sent in just 96 hours," the vpnMentor research team said.
"This is an absolutely massive amount of data to be stored in the open, and it kept growing. Tens-of-millions of new records were uploaded to the server via new indices each day we were investigating it".
Anyone who would have found this database would have been able to learn the identities of users who signed up on these dating sites and access their profiles to read private messages or see past connections, reports ZDNet.