Dating App “Heyyo” Exposes 77000 Users From All Around the World
- A Turkish dating app has exposed highly sensitive data of 77000 of its users.
- The database remained online and accessible long after its discovery until the authorities took it offline.
- Heyyo users haven’t realized that their data has been exposed, as the company hasn’t notified them.
The Turkish dating app “Heyyo” has left one of their Elasticsearch databases unprotected, exposing 600 MB of sensitive data belonging to 77000 of its users. The people who were affected are mainly from the US, Brazil, and Turkey, but there are victims from Germany, Portugal, Spain, and African countries as well. We were informed of this incident by WizCase’s Daniel Brown, who discovered the database together with a team of researchers working for the cybersecurity company.
The data that was exposed include the following sensitive information:
- User names (mainly first names)
- Email address
- Country
- GPS location (latitude and longitude)
- Type of mobile device the app was downloaded on
- Gender
- Date of birth
- Dating history (likes, dislikes, super likes, message count, blocks)
- Sexual preferences (based on user searches)
- Links to social media profiles (Facebook, Instagram)
- Profile pictures
- Phone number
- Occupation (when entered by the user)
As the WizCase researchers continued their investigation by looking into the database, the number of entries grew, so it was a live production server and not some kind of a backup. While the researchers found no evidence that anyone else accessed the database, this cannot be excluded as a possibility. If you were using the Heyyo app, you should beware of the messages that end up in your inbox from now on. You are susceptible to phishing attacks, impersonation, and most importantly extortionists. If you are approached by a blackmailer who threatens the publication of your personal data, you would be better reporting that person to the authorities instead of paying whatever amount they will ask for.
Heyyo hasn’t updated their website with a warning, nor have they sent any notifications to the users on the app. This means that the 77000 users are probably unaware of what has happened, and the user rating of 4.6 on Google Play isn’t reflecting anything bad either. The database was taken down today after multiple notifications from the researchers failed to reach the developer of the app, and ZDNet finally reached out to the Turkish Computer Emergency Response Team (CERT).
Help us spread the word of warning by sharing this post through our socials, on Facebook and Twitter. Also, don’t forget to leave a comment down below, sharing your thoughts about this story.