Online dating app Heyyo left a server exposed on the internet without a password, disclosing the personal details, images, location data, phone numbers and dating preferences for nearly 72,000 users, believed to be the app's entire userbase.
According to a news report, security researchers at WizCase found the database, which contained personally identifiable information, such as:
- Names
- Phone numbers
- Email addresses
- Dates of birth
- Gender
- Height
- Profile pictures and other images
- Facebook IDs for users who linked their profiles
- Instagram IDs for users who linked their profiles
- Longitude and latitude
- Who liked a user's profile
- Liked profiles
- Disliked profiles
- Superliked profiles
- Blocked profiles
- Dating preferences
- Registration and last active date
- Smartphone details
The news report says the data's authenticity was verified by contacting some of the users whose phone numbers were included in the database, and then proceeded to notify Heyyo of the data breach. The database was taken down only after a week Heyyo was made aware of the incident, says the news report.