The online dating app Heyyo left a server exposed on the internet without protection, data were stored on an Elasticsearch instance.
The exposed data included personal details, images, location data, phone numbers, and dating preferences for nearly 72,000 users.
The detailed data exposed left online included:
The news was first reported by ZDNet who was informed about the incident by security researchers from WizCase.
“Avishai Efrat, Wizcase leading
ZDNet verified the authenticity of the data and contacted the Turkey-based company behind Heyyo to notify it of the leak, but the company did not reply for a week.
While waiting for a reply from the development team, the experts noticed that the number of registered users grew from 71,769 to 71,921. Experts also registered an account ad verified that associated data were leaked online. This circumstance suggests that the server was a live production system.
The server was taken down today after ZDNet contacted Turkey’s Computer Emergency Response Team (CERT).
Clearly, the exposure of this type of data poses serious risks, including the extortion, to the users’ privacy.
At the time of writing is unclear if anyone else had access to the exposed database.
(SecurityAffairs – Heyyo, hacking)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.