An online database was left without any password and that was the reason that hundreds of thousands of users’ data was leaked. These users may have signed up for online dating sites. The database leak was from an Elasticsearch server. The leak was discovered at the end of August by security researchers from vpnMentor. However, the database has been taken offline on 3rd September after the researchers tracked down the owner of the database. The owner was tracked by Mailfire. Mailfire is a company that provides online marketing tools. The researchers said that the database had copies of push notifications. The push notifications were from various online dating sites. These notifications were sent to the users via Mailfire’s push notification service.
Push notifications are often sent to the users of the application. This notification can be sent to the smartphone or browser users. The database had around 882 GB of log files. The log files had notifications are sent via Mailfire’s service. The logs were being updated in real-time, as new notifications were being sent out. The researchers also said that the log files contained almost 66 million users’ individual details. All of the notifications which were sent to these individuals were present in the log files. The notifications were from the previous 96 hours, with personal details for hundreds of thousands of users.
The notifications present in this file belong to more than 70 websites. Some of the sites were E-Commerce stores or even classified ad networks from Africa. Most of the notifications were from dating sites. Most of the notifications from dating sites were spam. The notifications claimed that a new user has sent a message. The main issue with the push notifications was that they also involved some personal data regarding the user. Some of the data in these debug fields included names, age, gender information, email addresses, general geographical locations, and IP addresses. The identities of the users were easily tracked down using the data.