A database containing records of tens of millions of users of various dating apps has been found publicly accessible, according to a researcher who says it remains unclear who amassed the data.
In a blog post Wednesday, security researcher Jeremiah Fowler said he discovered the database and that it was not protected by so much as a password. The 42.5 million records, which appeared to belong to multiple apps, were stored on a U.S.-based server and largely contained the IP addresses and location data of American users.
The apps to which the data belongs include Cougardating, Christiansfinder, Mingler, Fwbs (friends with benefits), and “TS,” which Fowler speculates is likely short for “transsexual.”
The database also contained Chinese text, he said, leading him to believe its owner is also Chinese.
“What really struck me as odd was that despite all of them using the same database, they claim to be developed by separate companies or individuals that do not seem to match up with each other,” he wrote in a blog post detailing his findings. “The Whois registration for one of the sites uses what appears to be a fake address and phone number.”
Gizmodo attempted to reach out to Christiansfinder for comment, but the email address listed on its website bounced back. The other app developers could not be reached.
Fowler told CyberScoop that while he wasn’t accusing the developers behind the apps of doing anything nefarious, the fact that they’d gone to such lengths to conceal their identities was inherently suspicious.
In addition to IP and location data, the database includes users’ account names and ages. However, there was no personally identifiable information, or PII, a term that encompasses information such as real names, physical addresses, and Social Security numbers.
Fowler notes that a lot of people tend to reuse account names, which can then be used as a type of fingerprint. “This makes it extremely easy for someone to find and identify you with very little information,” he said. “Nearly each unique username I checked appeared on multiple dating sites, forums, and other public places.”
Researchers generally wait until exposed databases are taken down before going public. But at the time of writing, the database remains online, despite Fowler’s attempts to notify the host. He disclosed his discovery to raise awareness among users of the apps that their private data is leaking online.