Security researchers from Cybernews discovered an unsecured MongoDB instance belonging to Headero, a dating and hookup app operated by ThotExperiment. The database contained over 350,000 user records, including names, email addresses, social login IDs, JWT tokens, profile pictures, device tokens, sexual preferences, STD status, and exact GPS locations. Although ThotExperiment locked the database down immediately after being notified, it is unclear how long it remained open or whether any threat actors accessed it. No evidence of abuse has been found so far. Users are advised to be vigilant against phishing attacks and to change passwords that are reused across multiple services.
TPRM report: https://scoringcyber.rankiteo.com/company/thotexperiment
{
  "id": "tho301061125",
  "linkid": "thotexperiment",
  "type": "Breach",
  "date": "6/2025",
  "severity": "85",
  "impact": "4",
  "explanation": "Attack with significant impact with customers data leaks"
}
{
  "affected_entities": [
    {
      "customers_affected": "350,000 user records",
      "industry": "Dating and Hookup App",
      "location": "US",
      "name": "ThotExperiment",
      "type": "Company"
    }
  ],
  "attack_vector": "Unsecured Database",
  "customer_advisories": "Be extra vigilant when receiving unsolicited messages, both via email and social platforms.",
  "data_breach": {
    "number_of_records_exposed": "350,000 user records, 3 million chat records, 1 million chat room records",
    "personally_identifiable_information": "Yes",
    "sensitivity_of_data": "High",
    "type_of_data_compromised": [
      "Names",
      "Email addresses",
      "Social login IDs",
      "JWT tokens",
      "Profile pictures",
      "Device tokens",
      "Sexual preferences",
      "STD status",
      "Exact GPS locations"
    ]
  },
  "description": "Cybernews found an unsecured MongoDB instance belonging to Headero, which contained millions of records and PII.",
  "impact": {
    "data_compromised": [
      "Names",
      "Email addresses",
      "Social login IDs",
      "JWT tokens",
      "Profile pictures",
      "Device tokens",
      "Sexual preferences",
      "STD status",
      "Exact GPS locations"
    ],
    "identity_theft_risk": "High",
    "systems_affected": "MongoDB database"
  },
  "initial_access_broker": {
    "entry_point": "Unsecured MongoDB instance"
  },
  "lessons_learned": "Human error leading to exposed databases remains one of the most common causes of data leaks and security breaches.",
  "post_incident_analysis": {
    "root_causes": "Human error leading to exposed databases"
  },
  "recommendations": [
    "Be vigilant when receiving unsolicited messages",
    "Do not download files or click on links in unsolicited messages",
    "Change passwords if using the same password across multiple services",
    "Clear sessions / revoke tokens in apps, where possible"
  ],
  "references": [
    {
      "source": "Cybernews"
    }
  ],
  "response": {
    "communication_strategy": "Advised users to be vigilant",
    "containment_measures": "Database locked down"
  },
  "title": "Headero Data Exposure",
  "type": "Data Exposure",
  "vulnerability_exploited": "Unsecured MongoDB instance"
}