Chinese App Sweet Chat Exposes 10M Users’ Chats and Private Photos
August 13, 2019 | Breaches and Incidents
- The app exposed real-time chats and private chats of around 10 million users.
- The unsecured server remained accessible even after the researcher notified the company behind the app.
A security researcher discovered an unsecured server belonging to a Chinese app exposing chats and private photos of around 10 million users.
The big picture
Security researcher Darryl Burke discovered that the Chinese app Sweet Chat was exposing the chat contents and photos of over 10 million users through an unsecured server.
Burke noted that anyone with MQTT-related tools could view real-time chats and private photos of all the online Sweet Chat users.
Further analysis of the exposed data revealed a significant amount of bot traffic generated on the app. The researcher suggests it was used to lure users into spending credits or to send various gift cards for financial gain.
About Sweet Chat
Sweet Chat is a Tinder-like Android chat application. It had risen into the top 10 social apps in Latin America, the Middle East, and some other regions. It is currently expected to have around 10 million users.
Sweet Chat uses the MQTT messaging protocol for the standard publish/subscribe features in the app. A flawed implementation of the MQTT protocol can lead to exposure of private data.
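The following is an added example, not part of the original article and not Sweet Chat's code. It shows how MQTT topic filters determine what a subscriber receives, and a broker-side check that limits each authenticated client to its own topics. The `chat/<user_id>/...` topic layout, the sample topics and all function names are assumptions made for illustration.

```python
from typing import List, Optional

# Constructed sample topics; the "chat/<user_id>/..." layout is hypothetical.
SAMPLE_TOPICS = ["chat/u1/inbox", "chat/u1/photos", "chat/u2/inbox", "chat/u2/photos"]

def filter_matches(topic_filter: str, topic: str) -> bool:
    """MQTT topic-filter matching: '+' matches one level, '#' matches the rest."""
    f_levels, t_levels = topic_filter.split("/"), topic.split("/")
    # Wildcards at the first level never match '$'-prefixed system topics.
    if topic.startswith("$") and f_levels[0] in ("+", "#"):
        return False
    for i, level in enumerate(f_levels):
        if level == "#":
            return i == len(f_levels) - 1  # '#' is valid only as the last level
        if i >= len(t_levels) or (level != "+" and level != t_levels[i]):
            return False
    return len(f_levels) == len(t_levels)

def visible_topics(topic_filter: str, topics: List[str] = SAMPLE_TOPICS) -> List[str]:
    """Topics whose messages a subscriber with this filter would receive."""
    return [t for t in topics if filter_matches(topic_filter, t)]

def authorize_subscribe(user_id: Optional[str], topic_filter: str) -> bool:
    """Broker-side check: authenticated clients may subscribe only under
    their own 'chat/<user_id>/' prefix; wildcards are allowed below it."""
    if not user_id or any(c in user_id for c in "+#/"):
        return False  # anonymous client or malformed identity
    levels = topic_filter.split("/")
    return len(levels) >= 3 and levels[0] == "chat" and levels[1] == user_id

if __name__ == "__main__":
    print(visible_topics("#"))  # without access control: every user's topics
    for requested in ("#", "chat/+/inbox", "chat/u1/#"):
        print(requested, authorize_subscribe("u1", requested))
```

A check like this belongs in the broker's authentication and ACL layer, so that it applies to every client regardless of which MQTT tool connects.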
What data was compromised?
The unsecured server belonging to the company exposed real-time chats and private photos of all the online users on the Sweet Chat app.
How did the company respond?
On July 21, 2019, Burke notified the company behind the app about the unsecured server. However, by August 9, the server still remained unsecured.
Worth noting
On August 12, 2019, the researcher noticed that the exposed server had been secured with a temporary fix. However, the researcher suggested that the company would need major design changes to fix all the issues.
