CyberNews researchers have stumbled on an unsecured database leaking over 1 million NSFW photos shared by users of a Korean dating app. The database contained mostly image files, with over 880,000 files pointing to explicit images sent by users through private messages. Researchers believe that the leaked pictures belong to Sweet Chat or Sweet Talk, a free Korean dating app for teenagers.
“We cannot state with 100% certainty that this bucket actually belongs to the app 스윗톡 (Sweet Talk),” researchers said. “However, a short journey brought me to that conclusion. There are images in the database for the service SweetChat that lead to the website sweet.chat.”
Although the data collection included no personally identifiable information (PII), such as names, usernames or email addresses, all of the exposed images seem to contain a numerical user ID that could be used to locate the exact username of individuals.
The team warned that the files could have been accessed by other individuals who may have had access to the link.
“If we assume that this unsecured bucket belongs to Sweet Talk/Sweet Chat, then that means that Sweet Talk users have had some of their most private and explicit images leaked online, accessible to anyone who has the link,” CyberNews explained. “Unfortunately, accessing an unsecured Amazon S3 bucket is remarkably easy – and there are many people who know how to find these buckets.”
Criminals could use the sensitive images to extort identified users by threatening to release the data to friends and family unless their demands are met.
Unfortunately, the research team was not able to confirm their findings with Sweet Talk/Sweet Chat.
“We contacted the app maker via email, but have not received any response yet,” investigators added. “Fortunately, Amazon was able to close off the unsecured bucket on December 23, 14 days after we first contacted them.”
Check now if your personal info has been stolen or made public on the internet, with Bitdefender’s Digital Identity Protection tool.