Israeli LGBTQ App Atraf Faces Data Leak 700000 Users Affected

Israeli LGBTQ App Atraf Faces Data Leak, 700,000 Users Affected
Another day, another alleged data breach putting hundred of thousands of unsuspecting users at risk.

BY
WAQAS
MARCH 30, 2024
2 MINUTE READ
Hacker Claims to Leak Full Atraf Database, Affecting Over 669,000 Users
Atraf, a popular Israeli LGBTQ dating app, has suffered a major data breach exposing personal information of over half a million users – Leaked data includes clear text password and payment card data – Atraf users are advised to change their passwords immediately!

In November 2021, Hackread.com reported a ransom failure leading to the data leak of some Israeli LGBTQ dating app Atraf users. The group responsible for the attack, Black Shadow, originated from Iran. They demanded a ransom of $1 million after acquiring the app’s data by compromising an Israeli hosting service named CyberServe.

Now, a user on Breach Forums, apparently of Russian origin, claims to have leaked the Atraf database, containing the personal data of over 1.5 million users. However, Hackread.com has analyzed the 2.63 GB worth of data, which appears legitimate. After removing duplicates, the total number of leaked accounts decreases to over half a million, precisely 669,672.

It’s worth noting that the Atraf database was leaked twice in 2023 on the same forum. However, neither of these leaks contained clear text passwords or sensitive personal information like the latest one.

Hacker Claims to Leak Full Atraf Database, Affecting Over 669,000 Users
What the Breach Forums user posted on the forum (Credit: Hackread.com)
It’s important to note that the data breach remains alleged until official confirmation from the company. Meanwhile, our analysis reveals a treasure trove of personal and sensitive information, primarily from Israeli users. This information includes:

Full names
Nicknames
County
City
Age
Height
Religion
Address
Phone numbers
IP addresses
Data of birth
Interests and hobbies
Sex and Gender
Sexual orientation
Email addresses
Plain text passwords for some
Location coordinates
Type of smartphone and operating system
Conversations in direct messages (DMs)
Family details including if they have children or not
Payment card data excluding card numbers but including CVV codes, expiry dates, and card types (Master/Visa).
And much more…
Hackread.com can confirm that the leaked records date back to 2021, with no recent records. The timeline aligns with the claims made by Black Shadow in November 2021, suggesting that the data might be legitimate.

Hacker Claims to Leak Full Atraf Database, Affecting Over 669,000 Users
Screenshot from the leaked data (Credit: Hackread.com)
Nevertheless, this data breach poses a significant threat to the privacy and physical security of affected users. It can result in online harassment and the hacking of email accounts, as the breach includes clear text passwords.

If you are an Atraf user, you must immediately change the passwords for both your email and Atraf account. Additionally, exercise caution with emails purportedly from Atraf and double-check before clicking any links, as they could be attempts by cybercriminals to compromise your data further or infect your device with malware.

Hackread.com has notified Atraf about the breach, seeking their official response. If you have any concerns about your data, you can also contact Hackread.com at [email protected].