Another unprotected Elasticsearch database has been found online, leaking the personal data of tens of thousands of dating app users.
Researcher Avishai Efrat of VPN comparison firm WizCase was able to access a database of around 77,000 users of Heyyo, a Turkey-based online dating service.
The 600MB of data contains a trove of sensitive personal info which could be used in follow-on phishing or identity fraud attacks, including: name, email address, country, date of birth, dating history, phone number, occupation, and even a link to social media profiles.
Given the sensitive nature of the dating app, there are also exposed details which could be used to blackmail individuals, such as sexual orientation and preferences. If hackers found users of the app who are already married or in long-term relationships, that could also provide an opportunity to extort money from them.
Most of the affected users are from Turkey, where there's a less forgiving climate for the LGBT community than in many western countries.
There were also a significant number of Heyyo users from the US and Brazil exposed in the leak, according to WizCase.
Heyyo used an Elasticsearch engine, which is installed on a Digital Ocean cloud hosted server. The Elasticsearch default setting requires no authentication or password to gain entry, explained the firm's web security expert, Chase Williams.
Servers should never be exposed like this to the outside world. Password authentication, IP whitelisting, and additional monitoring would have greatly reduced the chances of such a data hack. Unfortunately, companies using default or misconfigured security settings for their databases is an all too common scenario these days.
Automated cloud security tools can be used to detect, alert and remediate misconfigurations like the one affecting Heyyo, according to DivvyCloud CTO, Chris DeRamus.
Database misconfigurations have proven time and time again to be the Achilles heel of many organizations that have suffered data hacks this year, yet there are very simple and highly effective solutions available to prevent this, he argued.
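The kind of automated misconfiguration check described above can be sketched as a small audit of an elasticsearch.yml file. This is an added example, not code from the article, WizCase or DivvyCloud. Assumptions: the sample configs and finding names are constructed, only flat dotted keys are parsed, and a missing xpack.security.enabled is treated as "no authentication", matching the default the article describes.

```python
import ipaddress

# Constructed sample configs in the flat dotted-key style of elasticsearch.yml.
EXPOSED = "cluster.name: demo\nnetwork.host: 0.0.0.0\nhttp.port: 9200\n"
HARDENED = ("cluster.name: demo\nnetwork.host: 10.0.0.5\n"
            "xpack.security.enabled: true\n"
            "xpack.security.http.ssl.enabled: true\n")

def parse_flat(text):
    """Parse 'key: value' lines; comments, blanks and nested YAML are ignored."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" in line:
            key, value = line.split(":", 1)
            settings[key.strip()] = value.strip().strip("\"'")
    return settings

def bind_scope(host):
    """Classify a bind address as 'loopback', 'private' or 'public'."""
    if host in ("_local_", "localhost"):
        return "loopback"
    if host == "_site_":
        return "private"
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return "public"  # _global_ or an unresolved hostname: assume worst case
    if addr.is_loopback:
        return "loopback"
    if addr.is_unspecified:  # 0.0.0.0 or :: listens on every interface
        return "public"
    return "private" if addr.is_private else "public"

def audit(text):
    """Return finding names (hypothetical labels) for one config file."""
    s = parse_flat(text)
    # Elasticsearch binds to loopback when no host is configured.
    scope = bind_scope(s.get("http.host", s.get("network.host", "_local_")))
    auth = s.get("xpack.security.enabled", "false").lower() == "true"
    tls = s.get("xpack.security.http.ssl.enabled", "false").lower() == "true"
    findings = []
    if not auth and scope != "loopback":
        findings.append("NO_AUTH_REMOTE")    # reachable without a password
    if scope == "public":
        findings.append("PUBLIC_BIND")       # listening on a public interface
    if auth and not tls and scope != "loopback":
        findings.append("AUTH_WITHOUT_TLS")  # credentials sent in cleartext
    return findings

if __name__ == "__main__":
    for name, cfg in (("exposed", EXPOSED), ("hardened", HARDENED)):
        print(name, audit(cfg) or "no findings")
```

A clean result here covers only the node's own settings; the IP whitelisting and monitoring mentioned in the article are enforced elsewhere, for example at the cloud firewall.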