A database belonging to Forces Penpals, a social networking and dating platform catering to US and UK armed forces personnel, was found publicly accessible online.

The unsecured database, discovered by cybersecurity researcher Jeremiah Fowler and reported to vpnMentor, exposed over 1.1 million sensitive records, including user images and proof-of-service documents, raising privacy and security concerns for military members and their supporters.

In his analysis of the publicly exposed database, Fowler found 1,187,296 records, including:

• User images
• Proof-of-service documents revealing full names, mailing addresses, Social Security Numbers (US), National Insurance Numbers (UK), and service details such as rank, branch, and location

While some user images were publicly available by design, the inclusion of sensitive proof-of-service documents posed a heightened risk. This type of data exposure could lead to identity theft, phishing attacks, or even national security risks in the case of active-duty military personnel and those with security clearances.

“The publicly exposed database was not password-protected or encrypted,” Fowler said. “It contained a total of 1,187,296 documents. In a limited sampling, a majority of the documents I saw were user images, while others were photos of potentially sensitive proof of service documents.”

Upon discovery, Fowler sent a responsible disclosure notice to Forces Penpals, which restricted public access to the database the following day. The organization responded that the exposure resulted from a coding error, with documents mistakenly sent to the wrong storage bucket, leaving sensitive information vulnerable.

The breach highlights several risks, including:

1. Identity Theft and Fraud
   The exposed records contained enough personal information to enable identity theft, impersonation, and financial fraud.
2. Phishing and Social Engineering
   Criminals could use the data to craft targeted phishing campaigns, increasing their likelihood of tricking victims into divulging additional sensitive information.
3. National Security Concerns
   For military personnel, disclosing rank, location, and service details could potentially compromise operational security.

There’s no evidence so far suggesting that any malicious actors accessed the exposed data.

Protect Your Identity with Bitdefender Digital Identity Protection

Data breaches like this serve as a stark reminder of the importance of protecting your personal information. To safeguard yourself from potential risks, consider using Bitdefender Digital Identity Protection.

With Bitdefender Digital Identity Protection, you can:

• Monitor your personal data across the web, including the dark web
• Receive alerts if your sensitive information is exposed in a data breach
• Take proactive steps to minimize risks and secure your online presence