Lily Hay Newman writes via Wired:
Security researchers Noam Rotem and Ran Locar were scanning the open internet on May 24 when they stumbled upon a collection of publicly accessible Amazon Web Services “buckets.” Each contained a trove of data from a different specialized dating app, including 3somes, Cougary, Gay Daddy Bear, Xpal, BBW Dating, Casualx, SugarD, Herpes Dating, and GHunt. In all, the researchers found 845 gigabytes and close to 2.5 million records, likely representing data from hundreds of thousands of users. They are publishing their findings today with vpnMentor.
The information was particularly sensitive and included sexually explicit photos and audio recordings. The researchers also found screenshots of private chats from other platforms and receipts for payments, sent between users within the app as part of the relationships they were building. And though the exposed data included limited “personally identifying information,” like real names, birthdays, or email addresses, the researchers warn that a motivated hacker could have used the photos and other miscellaneous information available to identify many users. The data may not have actually been breached, but the potential was there. “The researchers don’t know whether anyone else discovered the exposed trove before they did,” the report adds. “If you use one of the affected apps there’s not a lot you can do to protect against the possibility that the data was stolen before the researchers found it. There wasn’t a specific trove of passwords in the exposed data, so changing your password likely won’t do much.”
All you can really do is hope the developer locks down the cloud infrastructure before anyone grabs the information.