vpnMentor’s research team recently received a report from an anonymous ethical hacker about a massive data leak exposing users of over 70 adult dating and e-commerce websites from around the world.
The various websites were all using the same marketing software built by email marketing company Mailfire, which was responsible for the leak. The software in question had been compromised through an unsecured Elasticsearch server, exposing people all over the world to dangers like identity theft, blackmail, and fraud, says vpnMentor. It also appears that the exposed server was a victim of the recent and ongoing ‘Meow’ cyberattack campaign, which has been targeting unsecured Elasticsearch servers and wiping their data.
Further investigation revealed that some of the sites exposed in the data leak were scams, set up to trick men looking for dates with women in various parts of the world.
In total, more than 70 websites were affected in the data leak, all using Mailfire services. Most of the websites using the tool were adult dating websites. However, the database also contained data from e-commerce websites. The affected websites included a dating site for meeting Asian women, a premium international dating site targeting an older demographic, one for people who want to date Colombians, and more similar sites connecting men to women in different parts of the world. It also appeared that many of the websites shared common owners.
Based on vpnMentor's investigation, the unsecured server was a log for notifications being sent by the owners of all 70+ websites via Mailfire’s software. At the beginning of the investigation, the server’s database was storing 882.1 GB of data from the previous four days, containing over 370 million records for 66 million individual notifications sent in just 96 hours.
Each of the millions of notifications contained valuable and sensitive Personally Identifiable Information (PII) about people using the affected websites to send and receive messages. The PII exposed included:
- Full names
- Age and date of birth
- Gender
- Email addresses
- Locations of senders
- IP addresses
- Profile pictures uploaded by users
- Profile bio descriptions
Aside from the PII data, the leak also exposed conversations happening between users on dating sites affected. These often revealed private and potentially embarrassing or compromising details of people’s personal lives and romantic or sexual interests.
The breach affected people across the globe, in over 100 countries, such as:
- Afghanistan
- Australia
- Belgium
- Canada
- Estonia
- France
- Germany
- Hong Kong
- Israel
- Japan
- Kenya
- New Zealand
- Portugal
- Qatar
- Russia
- Singapore
- UK
- USA
For more details, including images showing the breach, please visit https://www.vpnmentor.com/blog/report-mailfire-leak/