Security researchers have identified a leak on dating app Heyyo which allowed them to access private user data of 70,000 registered users globally.
Avishai Efrat, the leading hacktivist at Wizcase, found the data leak. The majority of users affected are those in Turkey, the US, and Brazil. Leaked data included user names, email address, GPS location, gender, date of birth, sexual preferences, profile pictures, and phone numbers among others.
Wizcase speculates that this occurred because Heyyo uses Elasticsearch engine installed in a Digital Ocean cloud. These do not require authentication or a password. Breaches are therefore more likely.
Efrat found a database containing 600MB of the users’ data which is publicly available.
Scammers accessing the data will be able to view the leaked details of individual users. In addition, user activity was leaked.
Big data leaks like this leave app users vulnerable to identity theft, catfishing, blackmail, sexual discrimination, and harassment as well as phishing.