- Rela has left a server unprotected since last summer, exposing 5.3 million user profiles of their platform.
- Homosexuality in China is legal but still viewed with great conservatism, so the risk for the exposed individuals is high.
- The identities of the users remain protected, but there’s enough information to identify them, including highly private data.
A personal information leak is always a bad incident for those affected, but when the leaked data exposes you to danger and social discrimination, the problem doubles. Rela, a popular Chinese dating app for homosexual women, should have made a much more responsible effort to secure the profile information of its users, as it has exposed 5.3 million of them. The discovery was made by security researcher Victor Gevers, who found that one of the company’s servers was accessible without password protection. According to the researcher, the database has been exposed since June 2018, but he made the discovery only last week.
Each of the 5.3 million profiles contained on the server in question includes the user’s nickname, date of birth, ethnicity, sexual orientation and preferences, height, weight, and general interests. For many of these profiles, there’s also precise geolocation data (depending on the account settings) and the users’ private “moments”, or status updates. As Gevers told TechCrunch, which was the first to receive the tip: “The privacy of five-plus million LGBTQ+ people face a lot of social challenges in China because there are no laws protecting them from discrimination. This data leak that has been open for years makes it even more damaging for the people involved who were exposed.”
Homosexuality in China was made legal in 1997 and declassified as a mental illness in 2001, but LGBT protection laws have not yet been established in the country. Same-sex couples cannot seek legal protection against discrimination, cannot marry, and don’t have the right to adopt children. With anti-discrimination provisions missing from the Chinese Constitution, the people who had their profiles leaked now face a host of problems, from risking their employment to bullying, getting banned from personal expression platforms, and even no longer being permitted to donate or receive blood.
Rela even came under fire from the Chinese authorities in May 2017, and as reported by the BBC, conservatism in the country led to the app’s unofficial shutdown. Following a move to a new cloud provider, the app returned in May 2018, and the unprotected server has remained misconfigured since then. Rela responded by stating that the server is now protected, but no further details or explanations were provided.