- Two dating sites from the same owner have suffered huge data breaches
- In total, more than 850,000 users have been affected
- Victims are at risk of identity theft and are urged to take action now
A database belonging to matchmaking site Senior Dating has been discovered on the data leak Site Have I Been Pwned (HIBP). The database contains personally identifiable information of 765,517 users and the site has since been completely shut down.
The compromised data breach comes from a Google-backed web development platform, Firebase.
Another dating site from the same owner, Ladies.com, suffered a similar breach, with 118,809 users exposed. The site, a lesbian dating platform, was also shut down shortly after the leak, on December 4.
Early disclosure
As a dating site for users aged 40 and older, the site contained photos, emails, geographic locations, and even drinking and smoking habits.
Researchers observed breach disclosure notices as early as February 25 for 'Ladies' and April 4 for 'Senior Dating', as the vulnerability was left unpatched for months until the breach was uploaded to HIBP in November.
Of course, a breach of this scale and severity should have warranted a much more urgent and forceful response, but so far, the company does not appear to be offering any credit monitoring services to those affected.
Criminal actors may have had access to users' emails, passwords, locations, and information, so there is a significant risk of identity theft or social engineering scams. Threat actors could have access to information that could be used against you, such as geographic locations or marital status.
We urge anyone concerned to closely monitor their accounts for suspicious activity and be on the lookout for any scams or new online contacts. We've put together a list of the best identity theft protection software out there, so be sure to check it out if you think you may be affected.
Via Information Security Buzz