A major data breach at the popular dating app Headero has exposed sensitive information on millions of users, leaving them vulnerable to phishing attacks and other cyber threats.
Security researchers from Cybernews discovered an unsecured MongoDB instance belonging to Headero, which contained over 350,000 user records, more than three million chat records, and a million chat room records. The leaked data includes names, email addresses, social login IDs, device tokens, profile pictures, and GPS locations.
The database was locked down by the app’s developers, ThotExperiment, after Cybernews reported its findings. However, experts warn that users should still be cautious, as the duration of the exposed data is unknown, and it’s unclear if any threat actors accessed it in the past.
Human error is often cited as a common cause of data breaches, with non-password-protected databases being regularly discovered by researchers. Users are advised to be vigilant when receiving unsolicited messages and to take precautions such as changing passwords, clearing sessions, and revoking tokens.
While there’s no evidence of abuse so far, the leak can still put users at risk. Cybercriminals can use this information to craft convincing phishing attacks, deploy malware, steal sensitive files, or commit wire fraud. Users are urged to exercise extra caution when interacting with emails and social platforms from unknown sources.
Source: https://www.techradar.com/pro/security/major-data-breach-at-popular-hookup-app-leaks-data-on-millions-of-users-see-if-youre-safe