Security Affairs
JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Heyyo dating app left its users’ data exposed online

Another day, another embarrassing data leak made the headlines, the online dating app Heyyo left a server exposed on the internet. The online dating app Heyyo left a server exposed on the internet without protection, data were stored on an Elasticsearch instance. The exposed data included personal details, images, location data, phone numbers, and dating […]

Heyyo

Another day, another embarrassing data leak made the headlines, the online dating app Heyyo left a server exposed on the internet.

The online dating app Heyyo left a server exposed on the internet without protection, data were stored on an Elasticsearch instance.

The exposed data included personal details, images, location data, phone numbers, and dating preferences for nearly 72,000 users.

The detailed data exposed left online included:

  • Names
  • Phone numbers
  • Email addresses
  • Dates of birth
  • Gender
  • Height
  • Profile pictures and other images
  • Facebook IDs for users who linked their profiles
  • Instagram IDs for users who linked their profiles
  • Longitude and latitude
  • Who liked a user’s profile
  • Liked profiles
  • Disliked profiles
  • Superliked profiles
  • Blocked profiles
  • Dating preferences
  • Registration and last active date
  • Smartphone details

The news was first reported by ZDNet who was informed about the incident by security researchers from WizCase.

“Avishai Efrat, Wizcase leading hacktivist, discovered a severe data leak on Heyyo, a relatively new mobile dating app. Our team was able to access a database of over 70,000 users from around the world through an unsecured Elasticsearch engine.reported WizCase. “The majority of affected users are based in Turkey, but there’s also a significant number from the US and Brazil, which is over ⅕ of their user base. “

ZDNet verified the authenticity of the data and contacted the Turkey-based company behind Heyyo to notify it of the leak, but the company did not reply for a week.

While waiting for a reply from the development team, the experts noticed that the number of registered users grew from 71,769 to 71,921. Experts also registered an account ad verified that associated data were leaked online. This circumstance suggests that the server was a live production system.

The server was taken down today after ZDNet contacted Turkey’s Computer Emergency Response Team (CERT).

Clearly, the exposure of this type of data poses serious risks, including the extortion, to the users’ privacy.

At the time of writing is unclear if anyone else had access to the exposed database.

Unfortunately, other dating platforms suffered similar incident in the past, including Ashley MadisonGrindr, 3Fun, and Luscious.

WizCase also has its own report on the leak, for additional reading.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Heyyo, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]