Hacker leaks data of more than 2 million dating site users

The stolen data has been dumped on a publicly accessible hacking forum

Sensitive data belonging to nearly 2.3 million users of dating website MeetMindful has leaked online.

According to ZDNet, a 'well-known' hacker dumped the stolen data on a publicly accessible hacking forum, and the file is still available for free download.

The leaked information includes users' real names, birth dates, city, state, marital status, email address, dating preferences, body details, Facebook user IDs, IP addresses, geolocation details, Facebook authentication tokens and more.

However, the data doesn't expose the messages exchanged by the registered users.

T he leaked data appears to be a dump of the dating website's user database. The thread where stolen data was shared has already been viewed by hundreds of users.

In some cases, the leaked information can be used to easily trace the real-world identities of the dating service's users.

MeetMindful is currently inaccessible and shows a message stating, 'This website is using a security service to protect itself from online attacks'.

It is not yet clear whether the website has notified its users of the security breach.

The hacker who leaked the data goes by the name ShinyHunters, and has been involved in several recent data breaches, including the leak of details of more than 300,000 individuals using India-based cryptocurrency exchange, BuyUcoin.

Earlier this week, ShinyHunters allegedly leaked the data of millions of users registered on Teespring. The hacker is also said to have leaked 1.9 million user records stolen from online photo editing service Pixlr.

Security experts believe improperly secured AWS S3 buckets could be one of the leading causes behind these data breaches.

Last year, an unsecured database on Amazon was found exposing sensitive information on thousands of British consultancy firms, as well as working professionals.

The database was uncovered by two researchers at cyber security firm vpnMentor, who claimed that it was stored on an AWS S3 bucket and was leaking information belonging to the HR departments of various British firms.

Cloud storage buckets are the basic containers used to hold data. Everything that a user stores in the cloud must be contained in a bucket. Admins can use these containers to organise their data and to control access to it.

In November, hotel reservation platform Prestige Software reportedly exposed the personal data of millions of hotel guests worldwide, after misconfiguring an AWS S3 bucket. Security researchers said the company had been storing data on hotel guests and travel agents for years without any protections in place.

In September, researchers from cyber security firm Comparitech claimed that nearly six per cent of all Google Cloud buckets were vulnerable to unauthorised access due to misconfiguration issues.