Major data breach at popular hookup app leaks data on millions of users – see if you’re safe

Cybernews found an unescured MongoDB instance belonging to Headero
The database contained millions of records and PII
It has since been locked down, but users should still be on their guard

Security researchers from Cybernews have reported uncovering a massive MongoDB instance belonging to a dating and hookup app called Headero.

The database contained more than 350,000 user records, more than three million chat records, and more than a million chat room records.

Among the exposed data are names, email addresses, social login IDs, JWT tokens, profile pictures, device tokens, sexual preferences, STD status, and – extra worryingly – exact GPS locations.

No evidence of abuse

Cybernews reached out to the app’s developers, a US-based company named ThotExperiment, which immediately locked the database down. The company told the researchers that it was a test database, but Cybernews’ analysis indicates that it could have been actual user data, instead.

Unfortunately, we don’t know for how long the database remained open, and if any threat actors accessed it in the past. So far, there is no evidence of abuse in the wild.

Human error leading to exposed databases remains one of the most common causes of data leaks and security breaches.

Researchers are constantly scanning the internet with specialized search engines, finding massive non-password-protected databases almost daily.

These leaks can put people at risk, since cybercriminals can use the information to tailor highly convincing phishing attacks, through which they can deploy malware, steal sensitive files, and even commit wire fraud.

Headero users are advised to be extra vigilant when receiving unsolicited messages, both via email and social platforms.

They should also be careful not to download any files or click on any links in such messages, especially if the messages carry a sense of urgency with them. If they are using the same password across multiple services, they should change them, and clear sessions / revoke tokens in apps, where possible.

https://cdn.mos.cms.futurecdn.net/GcQXTy4NBXKeoop4V5WQnQ.jpg

Source link

Quordle hints and answers for Saturday, April 4 (game #1531)

NYT Connections hints and answers for Saturday, April 4 (game #1028)

NYT Strands hints and answers for Saturday, April 4 (game #762)

Dell packs full desktop performance into a palm-sized device that’s powered entirely through a single USB-C connection

Ex-Israeli Intelligence Official: Shockwaves of Trump’s “Take Over Gaza” Heard, Felt Across Region

What UK political parties are promising in the 2019 general election

Otto Warmbier’s parents want North Korea to suffer for their son’s death

Could a ‘youthquake’ cause Boris Johnson to lose the general election?

Did You Catch The Super Mario Galaxy Movie’s Kirby Reference?

Netflix Confirms New Price Hike, and Its 2026 Plans May Explain Why

Karen Page Is ‘a Killer’

Meet the Stars From Season 3 – Hollywood Life

Canberra urges Easter travel as fuel shortages hit rural Australia

Sloan, Spyre Therapeutics CMO, sells $397k in shares

Form 13D/A TripAdvisor For: 3 April

Form 13D/A Delek Logistics Partners For: 3 April

The YouTuber who has become one of Gen Z’s most beloved celebrities

26 last-minute holiday gifts that are still thoughtful and unique

Practicing gratitude regularly can make you less stressed and sleep better

8 things millennials wish you would just stop getting them for the holidays

Major data breach at popular hookup app leaks data on millions of users – see if you’re safe

Did You Catch The Super Mario Galaxy Movie’s Kirby Reference?

Netflix Confirms New Price Hike, and Its 2026 Plans May Explain Why

Canberra urges Easter travel as fuel shortages hit rural Australia

Karen Page Is ‘a Killer’