Two significant data breaches affecting the dating websites Senior Dating and Ladies.com have been added to the Have I Been Pwned (HIBP) platform. The incidents, both attributed to unprotected Firebase databases, collectively exposed the personal information of nearly 917,000 users. Despite prior warnings, the operator of both platforms delayed public acknowledgment until December 2024.
OSINT researcher Ryan Fae initially uncovered the breaches, disclosing them on X on December 3, 2024. According to Fae, the databases exposed sensitive user details, including:
- Senior Dating (766k users): Email addresses, photos, dates of birth, geographic coordinates, and links to Facebook profiles. Additional data included relationship statuses, drinking and smoking habits, and educational backgrounds.
- Ladies.com (119k users): Email addresses, profile photos, genders, sexual orientations, and precise geographic locations. This breach also revealed tattoo status and family structure details.
The breaches, which occurred in November and July 2024, respectively, have been linked to inadequate database security practices by Marcin Butanowicz, the operator behind both platforms. Butanowicz runs the apps through two companies: MBS Software in Poland and Cupid Solution LLC in the United States.
Dating app users exposed
Senior Dating, a matchmaking platform targeting individuals aged 40 and older, was among the most popular niche dating apps in its demographic. Ladies.com, a service catering to the lesbian community, also served a dedicated user base. Both platforms are now defunct following revelations of the breaches.
In a public acknowledgment issued on December 4, Butanowicz confirmed that the databases had been secured. The shutdown of the Senior Dating app followed shortly after.
Ryan Fae noted that initial vulnerability reports sent to Butanowicz in February 2024 went unanswered, including notices from a security researcher identified as “BobDaHacker.” Fae himself escalated the matter in December by contacting Butanowicz directly.
SCOOP: a yet-unpatched vulnerability in the dating apps "Ladies" (lesbian) and "Senior Dating" (40+) exposes 917k individual user records.
— ryan fae (@RhinozzCode) December 3, 2024
both are operated by Gliwice, PL native Marcin Butanowicz, who did not acknowledge three disclosure notices from February this year. pic.twitter.com/GlBaWMtCuE
The delay in addressing the vulnerabilities led to a significant exposure period, during which sensitive data remained accessible. While the databases are now reportedly secured, the prolonged inaction raised questions about the operator's commitment to user privacy and security.
If you have received an alert from HIBP, it means that your email addresses and personal data have been exposed, elevating the risk of phishing, social engineering, and password brute-forcing. Out of an abundance of caution, if you're using the same credentials on other online platforms, it would be advisable to change them.
O.MG Cable Scan Is a Wake Up Call for Hardware Security
Leave a Reply