Security researchers discovered Turkish dating app Heyyo had its entire database of users listed on an unprotected, publicly available server.
Information on almost 72,000 singles, such as their contact details, pictures, GPS location and sexuality, could easily be found via a search engine and was accessed without any requirement for a password or authentication.
Representatives from WizCase found the leak and attempted to notify the app developers but could not reach them. Instead, they contacted journalists at ZDNet before Turkey’s Computer Emergency Response Team intervened and took the database down.
Robert Ramsden Board, a security expert for EMEA, told Teiss: “Servers should never be left without authentication or a password. This is just basic cybersecurity hygiene but unfortunately for companies using default or misconfigured security settings, data breaches are becoming a regular occurrence and this is just the latest example.
“The data leaked exposes users to a host of security threats, which could leave them vulnerable to scammers. Threats range from identity theft, catfishing, blackmail, sexual harassment to phishing. Users should be cautious about the information they share on dating apps and stay alert to any suspicious activity or interactions.”
During August, hookup app 3Fun leaked the private information of its 1.5 million users. The researchers who uncovered the flaw described it as “the worst security for any dating app we’ve ever seen.”
Private data from over 5 million members of Chinese lesbian dating app Rela was exposed a few months before, which was especially dangerous because of the country’s lack of laws against sexuality-based discrimination.
Elsewhere in the LGBTQ+ community, Jack’d was forced to pay out $240,000 of compensation after a programming bug allowed attackers to access users’ nude images.