Senior Dating, a niche dating platform targeting users aged forty and older, suffered a data breach due to an exposed Firebase database that had been left publicly accessible without proper authentication or access-control configuration since approximately April 2024. The vulnerability was independently identified by security researcher 'BobDaHacker' who reported it to the platform operator in April 2024, and again by OSINT researcher Ryan Fae in late 2024. The operator did not remediate the vulnerability for approximately seven to eight months despite the disclosure attempts. Ryan Fae publicly disclosed the vulnerability on X on December 3, 2024 with details indicating the scope of the exposure, which prompted the operator to acknowledge the breach and shut down the platform on approximately December 4, 2024. The breach was indexed by Have I Been Pwned on December 9, 2024. The same operator's sister property Ladies.com (a lesbian dating platform) also suffered an analogous Firebase exposure, with the combined breach across both platforms affecting approximately 917,000 users.

The breach affected approximately 765,517 users on Senior Dating based on records indexed by breach-tracking services. Compromised fields included email addresses, full names, dates of birth, profile photographs, biographical information, geographic location data with precise latitude and longitude coordinates, gender, education levels, occupations, relationship statuses, drinking and smoking habits, and Facebook social media profile linkages. The dataset did not include passwords because Firebase authentication is typically managed through linked authentication providers including Facebook in this case rather than stored credentials. The combination of profile photograph with precise geographic coordinates, date of birth, and demographic information creates an unusually severe identification risk because affected users can be visually and contextually matched across multiple data points to specific addresses or neighborhoods.

For affected users, the practical risk profile is exceptionally severe given the sensitivity of the field set and the elevated romance-scam vulnerability of the affected demographic. The combination of profile photograph with precise GPS coordinates and lifestyle attributes supports targeted romance-scam, harassment, and extortion campaigns that may be particularly effective against the affected age demographic, which the U.S. Federal Trade Commission has identified as disproportionately victimized by romance scams. Affected users should be alert to unsolicited contact from individuals claiming to know personal details about their location, lifestyle, or dating history that may have been derived from the leaked dataset. Affected users who receive extortion attempts should not pay ransom demands because payment does not stop further extortion. Users should monitor financial accounts for unusual activity, treat any unsolicited romantic or financial-investment outreach with extreme caution, document any suspicious contact, and report extortion attempts to local law enforcement and the U.S. Federal Trade Commission at reportfraud.ftc.gov. Affected users who have concerns about romance scams should consult resources from AARP and the FTC, both of which maintain detailed guidance for older adults targeted by romance fraud.

Senior dating platforms collect highly sensitive profile data, photos, messages, contact details, subscription records, and relationship preferences tied to matchmaking for older adults.

Senior Dating was shut down in early December 2024 following the public disclosure of the Firebase database exposure. The shutdown also covered Ladies.com, the sister property operated by the same entity. The Senior Dating mobile application was removed from Google Play. The case has been widely cited in dating-platform cybersecurity coverage as illustrating the pattern of operator unresponsiveness to security disclosure. OSINT researcher Ryan Fae disclosed the vulnerability on X on December 3, 2024 after months of unresponsive communications with the operator. Earlier vulnerability disclosure attempts by independent researcher 'BobDaHacker' had also been received by the operator beginning in February 2024 (for Ladies.com) and April 2024 (for Senior Dating) but had not led to remediation. The breach was indexed by Have I Been Pwned on December 9, 2024.