Following reports of security flaws and risks concerning the popular gay dating app Grindr, which took up space in online and offline forums, another social media app used by members of the LGBTQ community is in the limelight for leaving a database containing sensitive and personal user data exposed online.
The lesbian dating app Rela, popular among Chinese women, left an unsecured database containing millions of user profiles and private data exposed because the database was not protected with a password or any form of encrypted keys.
The exposed database was discovered by Victor Gevers, a cyber security researcher from the GDI Foundation who found the “BreedReady” database and the Alipay datasets in the past few weeks. Gevers' job is to search for vulnerable MongoDB databases and report them to their owners so that they can be secured. He works with the GDI Foundation, a non-profit organization that focuses on vulnerability and cyber security disclosures.
Last week, Gevers posted on his Twitter account that Rela had left its user database exposed because it was not protected by any form of encryption, such as passwords and keys. Rela previously disappeared from app stores in May 2017 following a reported shutdown by Chinese regulators. Chinese authorities never confirmed the shutdown.
The app returned to different app stores last year on a different cloud provider, according to its app store listing. Although the exposed database was found last week, Gevers believes that the database has been vulnerable since June 2018, a month after the app made its comeback to app stores.
The database found by Gevers contains information on 5.3 million app users, with each record including their nickname, date of birth, height and weight, ethnicity, and sexual preferences and interests. Where users permitted it, records also included their precise geolocation. The database also contained more than 20 million “moments,” or status updates, including private data.
“The privacy of five-plus million LGBTQ+ people face a lot of social challenges in China because no laws are protecting them from discrimination,” said Gevers. “This data leak that has been open for years makes it even more damaging for the people involved who were exposed.”
LGBTQ COMMUNITY IN CHINA AND DATING APPS
Members of the LGBTQ community in China face constant discrimination and oppression. While same-sex relationships have been decriminalized in the country since 1997, their rights remain limited, and attitudes and public opinion have been slow to change.
Because the leak has potentially exposed the data of millions of lesbian and bisexual women in China to hate groups and anti-gay movements, the database could be used against the people whose data it contained. While there is no indication or report that hackers accessed the database, the security risks for those whose data was contained in it remain.
Grindr, the popular dating app for gay men that is known to use geolocation, has been swarmed with controversy over the security of users’ data. While there is no reported breach of Grindr, users are gradually pulling their accounts as the risks become more apparent to them. In 2014, it was reported that the app’s relative distance measurements could allow people to locate individual users, thus compromising their privacy. Today, the app is being used by countries, especially the United Arab Emirates, Indonesia, Ukraine, Russia, and Egypt, to track and arrest gay men, which is a significant violation of the individuals’ data privacy.
Furthermore, the gay dating app also faced a legal setback after a former user accused the company of failing to protect his identity when his ex-boyfriend used the app to harass him, posing as the victim to solicit sex from other people. While the case was dismissed even after an appeal, the nightmare of harassment that happened inside the app was still grim.
The United States government has also tagged the Chinese gaming company Kunlun, which bought 60% of the shares of Grindr, as a threat to national security, forcing the company to resell it.
Meanwhile, Gevers confirmed in a separate tweet that the database is now secured but warned that the app itself is still not secure and puts the privacy of its users at risk. He advised everyone not to use it.