
Major data breach at popular hookup app leaks data on millions of users - see if you're safe


  • Cybernews found an unsecured MongoDB instance belonging to Headero
  • The database contained millions of records and PII
  • It has since been locked down, but users should still be on their guard

Security researchers from Cybernews have reported uncovering a massive MongoDB instance belonging to a dating and hookup app called Headero.

The database contained more than 350,000 user records, more than three million chat records, and more than a million chat room records.

Among the exposed data are names, email addresses, social login IDs, JWT tokens, profile pictures, device tokens, sexual preferences, STD status, and, most worryingly, exact GPS locations.

However, Headero's developer, a company called TheThotExperiment, says Cybernews' information is not precise:

"Our investigation—under way in cooperation with the Office of the Privacy Commissioner of Canada—has already established several verified facts," the company told TechRadar Pro in an emailed statement.

"The internal testing (non-production) database held fewer than 200,000 registered-user records, not 4 million. Logs show a single access, by the researcher you quoted, and no data were downloaded. The misconfiguration was patched within hours of the 24 March disclosure; no passwords, payment data, or government IDs were ever at risk," they said.

No evidence of abuse

When Cybernews reached out to TheThotExperiment, the company immediately locked the database down. It told the researchers that this was a test database, but Cybernews’ analysis indicates that it could have held actual user data instead.

Unfortunately, we don’t know for how long the database remained open.

Human error leading to exposed databases remains one of the most common causes of data leaks and security breaches.

Researchers are constantly scanning the internet with specialized search engines, finding massive non-password-protected databases almost daily.

These leaks can put people at risk, since cybercriminals can use the information to tailor highly convincing phishing attacks, through which they can deploy malware, steal sensitive files, and even commit wire fraud.

Headero users are advised to be extra vigilant when receiving unsolicited messages, both via email and social platforms.

They should also be careful not to download any files or click on any links in such messages, especially if the messages carry a sense of urgency. If they are using the same password across multiple services, they should change it, and clear sessions and revoke tokens in apps where possible.

Edit, June 13 - Updated to add TheThotExperiment's statement
