Rela, a Chinese lesbian dating app that was on iOS, leaked 5 million user profiles via an unprotected database, it has emerged. The incident could put LGBTQ women in China at risk of discrimination.
Rela Database Not Password Protected
A server that stored the data did not have a password. This left the data on it exposed. That data was highly personal. It included users’ nicknames, dates of birth, height and weight, ethnicity, and sexual preferences and interests.
Most worryingly in a country that still has much discrimination against LGBTQ people, some records contained a user’s precise geolocation. The leaky database also included over 20 million status updates, some of which contained private data.
Victor Gevers, a security researcher at the GDI Foundation who found the Rela leak, told Techcrunch:
The privacy of five-plus million LGBTQ+ people face a lot of social challenges in China because their are no laws protecting them from discrimination. This data leak that has been open for years make it even more damaging for the people involved who were exposed.
Rela was actually removed from the iOS and Android app stores in May 2017 in somewhat unclear circumstances. It returned in June 2018. It is at that point Gevers believes that the database became exposed.