Over 1 Million Records from US and UK Military Dating & Social Networking Service Exposed Online
November 26, 2024
A database belonging to Forces Penpals, a social networking and dating platform catering to US and UK armed forces personnel, was found publicly accessible online.
The unsecured database, discovered by cybersecurity researcher Jeremiah Fowler and reported to vpnMentor, exposed over 1.1 million sensitive records, including user images and proof-of-service documents, raising privacy and security concerns for military members and their supporters.
In his analysis of the publicly exposed database, Fowler found 1,187,296 records, including:
- User images
- Proof-of-service documents revealing full names, mailing addresses, Social Security Numbers (US), National Insurance Numbers (UK), and service details such as rank, branch, and location
While some user images were publicly available by design, the inclusion of sensitive proof-of-service documents posed a heightened risk. This type of data exposure could lead to identity theft, phishing attacks, or even national security risks in the case of active-duty military personnel and those with security clearances.
“The publicly exposed database was not password-protected or encrypted,” Fowler said. “It contained a total of 1,187,296 documents. In a limited sampling, a majority of the documents I saw were user images, while others were photos of potentially sensitive proof of service documents.”
Upon discovery, Fowler sent a responsible disclosure notice to Forces Penpals, which restricted public access to the database the following day. The organization responded that the exposure resulted from a coding error, with documents mistakenly sent to the wrong storage bucket, leaving sensitive information vulnerable.
The breach highlights several risks, including:
- Identity Theft and Fraud
The exposed records contained enough personal information to enable identity theft, impersonation, and financial fraud. - Phishing and Social Engineering
Criminals could use the data to craft targeted phishing campaigns, increasing their likelihood of tricking victims into divulging additional sensitive information. - National Security Concerns
For military personnel, disclosing rank, location, and service details could potentially compromise operational security.
There’s no evidence so far suggesting that any malicious actors accessed the exposed data.
Protect Your Identity with Bitdefender Digital Identity Protection
Data breaches like this serve as a stark reminder of the importance of protecting your personal information. To safeguard yourself from potential risks, consider using Bitdefender Digital Identity Protection.
With Bitdefender Digital Identity Protection, you can:
- Monitor your personal data across the web, including the dark web
- Receive alerts if your sensitive information is exposed in a data breach
- Take proactive steps to minimize risks and secure your online presence
tags
Author
Alina is a history buff passionate about cybersecurity and anything sci-fi, advocating Bitdefender technologies and solutions. She spends most of her time between her two feline friends and traveling.
View all postsRight now Top posts
Torrents with Pirated TV Shows Used to Push Lumma Stealer Malware
November 14, 2024
What Key Cyberthreats Do Small Businesses Face?
September 06, 2024
FOLLOW US ON SOCIAL MEDIA
You might also like
Bookmarks
