Rela, Chinese Lesbian Dating App, Exposed Personal Data of 5.3 Million User Profiles
Last updated May 18, 2024
The “Telmate” platform that specializes in inmate communications has exposed the personal details of millions of prisoners, as well as their outside contacts. In most cases, that would be friends and family, but the situation is far more complicated for some inmates.
The exposure came through an unprotected database that was discovered by Bob Diachenko on August 13, 2020, while the owner of Telmate, Global Tel Link, responded to the researcher’s alert in just a couple of hours. While the securing of the database came quickly, the total exposure period remains unknown.
The following information was found in the millions of records contained in three individual indexes:
So, this data leak affects inmates, their contacts, and also Telmate administrators. This triple trouble translates to a wide range of potential exploitation, risks, dangers, etc. From scammers to people looking for retaliation, anyone could use the above details to attack the exposed individuals.
Also, family members and friends could become subject to harassment or even discrimination. Of course, phishing attacks are also included in the sphere of possibilities, as there’s a rich set of data that can be combined to create convincing social engineering settings.
Global Tel Link is a US-based firm that owns and develops Telmate. Telmate, in turn, develops and operates “GettingOut” and “Guardian.” The first one is an internet-based app that enables inmates to create and send media messages to the world outside, as well as to receive messages. Guardian is an app that monitors the location of inmates who are out on parole.
As Diachenko clarifies, there are no data from these two platforms in the exposed database, so the incident hasn’t affected Guardian or GettingOut data.
GTL has already had legal trouble with the allegedly exploitative manner they decided what to charge inmates and their families for communications, so this data exposure may bring additional lawsuits and demands for compensation. In any case, they mishandled very sensitive data, and the implications from this occurrence are dire.