Cybernews
  • News
  • Editorial
  • Security
  • Privacy
    • What is a VPN?
    • What is malware?
    • How safe are password managers?
    • Are VPNs legal?
    • More resources
    • Strong password generator
    • Personal data leak checker
    • Antivirus software
    • Best VPN services
    • Password managers
    • Secure email providers
    • Best website builders
    • Best web hosting services
  • Follow
    • Twitter
    • Facebook
    • YouTube
    • Linkedin
    • Flipboard
    • Newsletter

© 2021 CyberNews - Latest tech news, product reviews, and analyses.

Our readers help us create quality content. If you purchase via links on our site, we may receive affiliate commissions. Learn more

Home » Security » Data leak: highly sensitive photos, video and audio leaked from a ‘private social network’

Data leak: highly sensitive photos, video and audio leaked from a ‘private social network’

by Bernard Meyer
11 November 2020
in Security
0
130k+ extremely NSFW sexual photos, video and audio leaked by ‘private social network’
53
SHARES

The CyberNews investigation team recently discovered an unsecured database containing more than 130,000 extremely sensitive, very explicit private photos, videos, and audio recordings. The database appears to belong to a “private social network” that’s most likely based in China. 

The sexting – or sex texting/messaging – industry has certainly boomed in 2020 in response to forced isolation in many regions. As Covid-19 has locked down entire populations, individuals are increasingly looking online for digital intimacy when physical intimacy is forbidden or risky. Since people generally want to feel safe when sending these kinds of explicit communications, it can be seen as a betrayal that a platform would be so loose in its security.

The leaked database contains 132,214 files made up of:

  • 83,016 images 
  • 4,932 videos
  • 43,369 audio
  • 899 gifs

While we normally include multiple examples of the exposed files that are included in the unsecured database, the explicit nature of the majority of the photographs makes that unwise. However, there are some relatively tame images that we can include:

Samples of tame images from the leaked database, with faces blacked out

Suffice it to say: most of the images and videos are not of people’s faces.

Fortunately, Amazon was able to close off the unsecured bucket on November 6, two days after we first contacted them. We were unable to get in contact with the bucket’s owner or creator.

Who owns the bucket?

It is impossible to state with 100% confidence who owns the bucket. There are only media files contained within the bucket, and no usernames, emails or other files that could identify the likely platform or website it came from.

However, the name of the bucket points toward LimitChat, which seems to be one of the products or social platforms related to FaceChance. In this privacy policy, the FaceChance creators list LimitChat as one of their products.

On the related site FaceLimit, a user named ‘beijing’ lists themself as the creator of not only FaceChance, but also a slew of other sites:

User on FaceChance listing his/her other websites

Some of the images in the bucket that we viewed were also screenshots of text messages in Chinese.

For these reasons, we believe that the “private social network” leaking these explicit files is based in China or a Chinese-speaking region.

What does this mean for LimitChat users?

Given that this bucket belongs to LimitChat, which we believe is a product of FaceChance, then LimitChat users have just had their most sensitive, explicit moments leaked online for anyone who knows where to look. We’ve said it before: accessing an unsecured Amazon S3 bucket is remarkably easy – you just need a direct link and that’s it. 

Now, there are no real identifying details in the unsecured bucket – no names, usernames, emails or any identifying documentation. And, beyond that, many of the pictures and videos were not of users’ faces.

However, these kinds of pictures, videos and audio messages are the types that are normally used for blackmailing or cyberbullying. Any user of LimitChat would not want these details leaked to their family or friends, or anywhere online really. For that reason, they might be willing to adhere to an attacker’s demands.

Beyond that, however, the focus here should be placed squarely on the developers’ shoulders. This person or group somehow got the trust of their users, but did not ensure that their very sensitive data would be properly secured.

This can cause emotional or reputational damage to those users, and the fault lies with the platform– not the people uploading these files to the platform.

How do I know that my social platform isn’t leaking my sensitive data?

LimitChat isn’t unique in having unsecured data – in fact, CyberNews has published multiple instances in which databases are leaking sensitive data of various types, most likely because of simply overlooking basic security principles. 

Because it can be so easy to overlook these principles, it’s possible that, even if you aren’t a LimitChat user, your own social platform of choice could be leaking your private information.

For example, if we look at TikTok, there are some major accusations that the Chinese-based platform is spying on you for China – besides simply collecting as much of your personal data as possible. Facebook has also been accused of the same thing – including leaking the personal data of 419 million of its users.

With smaller, much lesser known social media platforms like LimitChat, the risk of unsecured data is most likely larger, not smaller. Smaller platforms have smaller teams, and it is likely that their resources are spread thin between moderating the platform, improving the design, user-friendliness, and engagement, and gathering and securing the data.

In essence: just as with Tiktok, or Facebook, or any other big or small social media platform, you can never be really certain that your data isn’t being leaked. For that reason, it’s most likely a good idea to limit what kind of sensitive data you are sharing. For really sensitive communications, including sexting, we’d probably recommend a secure messaging service like Signal, which doesn’t store your messages or media files on its servers, rather than some small, private social media network. 

What to do next

We reached out to Amazon on November 4 to have the AWS bucket secured and closed off from public access, since we were unable to find contact information for LimitChat/FaceChance’s creator or creators. They were able to secure the bucket on November 6.

In general, however, if you have used LimitChat or are currently using it, we recommend you contact any admin for further information about the leak. Additionally, we recommend you delete your files, if possible, and move off the platform until it can be proven to be secured. Even then, if the leak is confirmed to be LimitChat’s, it may be better to close your account on that platform permanently.

Share53TweetShareShare
Next Post
Surveillance cameras hung on wall with EU logo

EU aid funding surveillance regimes, privacy campaigners claim

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

I agree to the Terms & Conditions and Privacy Policy.

Editor's choice

One of the biggest Android VPNs hacked? Data of 21 million users from 3 Android VPNs put for sale online
Security

One of the biggest Android VPNs hacked? Data of 21 million users from 3 Android VPNs put for sale online

by CyberNews Team
26 February 2021
4

A user on a popular hacker forum is selling three databases that purportedly contain user credentials and device data stolen...

Read more
A blast from the past: the finest retro PCs people use

A blast from the past: the finest retro PCs people use

26 February 2021
How this IMDb flaw gave me credit for working on Chernobyl, GOT, and other gigs

How this IMDb flaw gave me credit for working on Chernobyl, GOT, and other gigs

25 February 2021
Forget Bruce Willis. AI will protect us from killer asteroids instead

Forget Bruce Willis. AI will protect us from killer asteroids instead

24 February 2021
COMb data leak - Mother of all breaches

COMB: largest breach of all time leaked online with 3.2 billion records

12 February 2021
  • Categories
    • News
    • Editorial
    • Security
    • Privacy
  • Reviews
    • Antivirus Software
    • Password Managers
    • Best VPN Services
    • Secure Email Providers
    • Website Builders
    • Best web hosting services
  • Tools
    • Password generator
    • Personal data leak checker
  • Engage
    • About Us
    • Send Us a Tip
    • Careers
  • Twitter
  • Facebook
  • YouTube
  • Linkedin
  • Flipboard
  • Newsletter
  • About Us
  • Contact
  • Send Us a Tip
  • Privacy Policy
  • Terms & Conditions
  • Vulnerability Disclosure

© 2021 CyberNews - Latest tech news, product reviews, and analyses.

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy Policy.

Home

News

Editorial

Security

Privacy

Resources

  • About Us
  • Contact
  • Careers
  • Send Us a Tip

© 2020 CyberNews – Latest tech news, product reviews, and analyses.

Subscribe for Security Tips and CyberNews Updates
Email address is required. Provided email address is not valid. You have been successfully subscribed to our newsletter!