- Two dating sites with the same owner have suffered huge data leaks
- Over 850,000 users have been affected in total
- Victims are at risk of identity theft, and urged to take action now
A database belonging to matchmaking site, Senior Dating, has been discovered on data leak site Have I Been Pwned (HIBP). The database contains the personally identifiable information of 765,517 users, and the site has since been shut down entirely.
The compromised data breach stems from a Google-backed web development platform, Firebase.
Another dating site with the same owner, Ladies.com, suffered a similar breach, with 118,809 users exposed. The site, a lesbian dating platform, was also shut down shortly after the leak, on December 4.
Early disclosure
As a dating site for users aged 40 and over, the site held the photos, emails, geographic locations, and even drinking and smoking habits.
Researchers noted disclosure notices for the breaches as early as February 25 for ‘Ladies’ and April 4 for ‘Senior Dating’, as the unpatched vulnerability was left for months until the breach was uploaded onto HIBP in November.
A breach of this scale and severity should, of course, have warranted a much more urgent and robust response, but as of yet, the company does not seem to be offering any credit monitoring services to those affected.
Criminal actors may well have had access to users’ emails, passwords, locations, and information – so there’s a significant risk of identity theft or social engineering scams. Threat actors could have access to information that could be used against them, such as geographic locations or relationship status.
We would urge anyone concerned to keep a close eye on their accounts for suspicious activity and to be on the lookout for any scams or new online contact. We’ve made a list of the best identity theft protection software around, so make sure to check it out if you think you may be affected.