Active on adult dating site, chances are high your personal data has leaked online

Personal details of many Indians are believed to be exposed in a massive global database leak of hundreds of thousands of users who signed up for online adult dating sites.
The leaked data includes full names, age and date of birth, gender, email addresses, locations of senders, IP addresses, profile pictures uploaded by users and profile bio descriptions. This leaked data makes the user vulnerable as it can be misused to further attack them with new phishing attacks.
The cybersecurity research team at vpnMentor, the world’s largest VPN review website, found that the hacked websites were using the same marketing software built by email marketing company Mailfire.
The leaky database, an Elasticsearch server, was discovered at the end of August by security researchers from vpnMentor. The database was taken offline on September 3 after vpnMentor tracked down its owner in Mailfire, a company that provides online marketing tools.
These dating sites promised men the opportunity to find a young female partner in various areas of the globe, such as Eastern Europe or Eastern Asia. Anyone who would have found this database over the course of the past few weeks would have been able to learn the identities of users who signed up on these dating sites and access their profiles to read private messages or see past connections.
vpnMentor researchers said the database stored copies of push notifications that various online sites were sending to their users via Mailfire’s push notification service.
Push notifications are real-time messages that companies can send to smartphone or browser users who agreed to receive such messages.
The leaky database stored more than 882 GB of log files pertaining to push notifications sent via Mailfire’s service, with the logs being updated in real-time, as new notifications were being sent out.
In total, vpnMentor said the log files contained details for 66 million individual notifications sent over the previous 96 hours, with personal details for hundreds of thousands of users.
vpnMentor, who analyzed the leaked data while searching for the database owner, said it found notifications belonging to more than 70 websites.
Some of the sites where e-commerce stores and classified ads networks from Africa; however, the vast majority of notifications originated from domains linked to dating sites. Some of the dating sites that were found in the leaky server included Kismia, Julia Dates, Emily Dates, Asian Melodies, Ukrainian Charm, Asia Charm, JollyRomance, OneAmour, ValenTime, Rondevo, Victoria Brides, Loveeto, Oisecret, WetHunt, Cum2Date, Jolly.me, and many more.
Most of these sites used visually-looking designs, and while using different domains, appeared to be part of a larger network.
Without any doubt, the notifications sent by this network of dating sites was just spam, trying to lure users to return to the site, claiming that a new user had sent them a message.
But while spamming users with push notifications is not actually an issue, especially if the users agreed to receive these messages, the problem was that personal data was also involved.
According to copies of the exposed logs seen by ZDNet, the leaky Elasticsearch server didn’t only contain copies of the notifications but they also included a “debug” area where personal information for the user receiving the notification was also included.
Some of the data found in these debug fields included names, age, gender information, email addresses, general geographical locations, and IP addresses.
Furthermore, the notifications also contained links back to the user’s profile, in case the user clicked or tapped on the notification. These links also contained authentication keys, meaning anyone with this URL would have been able to access a user’s profile on the dating site without needing a password.