Personal information including usernames, passwords, e-mail address, gender, date of birth, country of residence and photos, as well as sexual preferences of over 1.5 million online dating users were found in an unsecured MongoDB database by MacKeeper researchers accessible on the internet. The data was found to belong to a New Zealand based company that runs haveafling.mobi, haveafling.co.nz, haveanaffair.co.nz, haveanaffair.mobi, hookupdating.mobi and the mobile application “Hook Up Dating.
In response to MacKeeper’s notification to the company, they claimed that the database is mostly dummy data used to test migrating data from SQL to MongoDB. The researchers are not okay with this claim considering the massive number of accounts.
Also, a one by one analysis of a random selection of more than 300 records shared with ZDNet proves otherwise.
The company is taking the leak lightly claiming that only the researchers had accessed the data. They did not invalidate the affected passwords and only notified users to change their password because they were upgrading their system for security reasons.