Leaky server exposes users of dating site network
An online database left exposed online without a password has leaked the personal details of hundreds of thousands of users who signed up for online dating sites. The leaky database, an Elasticsearch server, was discovered at the end of August by security researchers from vpnMentor.
The database was taken offline on September 3 after vpnMentor tracked down its owner in Mailfire, a company that provides online marketing tools. vpnMentor researchers said the database stored copies of push notifications that various online sites were sending to their users via Mailfire's push notification service.
Push notifications are real-time messages that companies can send to smartphone or browser users who agreed to receive such messages. The leaky database stored more than 882 GB of log files pertaining to push notifications sent via Mailfire's service, with the logs being updated in real-time, as new notifications were being sent out. In total, vpnMentor said the log files contained details for 66 million individual notifications sent over the previous 96 hours, with personal details for hundreds of thousands of users.