Elite Mate, Solid Works and others fall victim of data leaks.
30 January 2022BREACHAWARE HQ
A total of 17 breach events
were found and analysed resulting in 1,520,294 exposed accounts
containing a total of 10 different data types of personal datum
. The breaches found publicly and freely available included Elite Mate, Solid Works, Shock Gore, Fun Cook and Free at Korea. Sign in to view the full
library of breach events which includes, where available, reference articles relating to
each breach.
Categories of Personal Data Discovered
Contact Data, Technical Data, Usage Data, Financial Data, Locational Data, National Identifiers.
Data Breach Analysis
Although the organisations affected span very different purposes, from industrial design to dating, the underlying issue is consistent: improper data protection and poor digital hygiene, resulting in a sizeable pool of sensitive data left open to exploitation.Elite Mate appears to be a dating or social connection platform, one of many in a long line of breached services in this sector. Online dating platforms are routinely targeted due to their storage of sensitive personal preferences and communications.
For users, the fallout can include not just spam or phishing, but more deeply personal consequences like blackmail, harassment, or social stigma. The sensitivity of data in the dating space makes these breaches particularly harmful.
The inclusion of SolidWorks is notable because it suggests the compromise of accounts related to this major engineering design software suite, often used by professionals, students, and enterprises in mechanical engineering and product development.
This is a rare but an increasingly common form of breach that underscores a shift: engineering and industrial platforms are no longer off the radar. Whether targeting valuable intellectual property or exploiting weaker endpoints in education portals, malicious actors are turning their focus toward specialised platforms once assumed secure by obscurity.
Shock Gore is a platform associated with extreme or disturbing media, and while controversial, such sites attract heavy traffic from niche audiences. Importantly, many of these sites rely on minimal moderation, open forums, and third-party ad integrations, which can create fertile ground for:
- Credential theft via weak authentication protocols
- Phishing kits injected through ad content
- Open directories leaking user IPs, activity logs, or sign-up information
The breach of such platforms highlights a growing concern: even fringe or taboo online spaces house real user identities, often linked to emails, login habits, and behavioural patterns that can be exploited beyond the platform itself.
Fun Cook appears to be a cooking or recipe-sharing site, perhaps social in nature. Though such platforms may seem innocuous, they are part of a growing ecosystem of small-scale, user-generated content hubs that often collect login data, email subscriptions, and engagement metrics.
These lifestyle platforms tend to lack robust security teams or breach response protocols, making them easy targets for automated credential harvesting campaigns.
The platform Free at Korea could be interpreted as a cultural, informational, or even socio-political platform tied to Korean content or causes. If this includes VPN services, news aggregation, or activist forums, the breach could involve especially sensitive users, such as:
- Political dissidents
- Students accessing censored content
- Individuals exploring cross-border services
Exposure here carries not just privacy risks, but possible real-world safety consequences depending on the jurisdiction and use case. This underscores the importance of applying strong encryption and anonymous account structures on platforms serving vulnerable populations.
Cross-Sectoral Breach Trends
What this group of breaches shows, despite its relatively modest user count of 1.5 million, is that platform type is no longer a predictor of breach risk. Even low-profile services, small communities, and niche tools are now regularly targeted or swept up in broader data harvesting efforts. A few themes emerge:1. Overlapping digital identities: Users routinely reuse emails and passwords across cooking sites, forums, professional tools, and dating platforms. A breach in one weakly protected space can offer keys to more valuable accounts.
2. Lack of breach transparency: Many of the affected platforms are likely to be unaware of the breach or unprepared to issue user alerts. This creates a long tail of invisible exposure, where affected individuals never learn their data has been compromised.
3. Expanding threat landscape: From engineering software portals to adult content aggregators, there are now few digital environments considered immune to threat actors. Specialisation, once thought to offer protection, no longer applies.
4. Data retention outpacing security investment: Platforms often collect personal data without proportionate investment in protecting it. Usernames, email addresses, and login credentials remain the most commonly compromised fields, but even minimal leaks can serve as starting points for identity-based attacks.
User Safety Recommendations
For users who may have engaged with any of the listed platforms, or those operating in similar spaces, key steps include:- Change passwords immediately, especially if reused across platforms
- Use a password manager to ensure unique, strong credentials for each site
- Enable 2FA wherever supported, particularly on email and financial accounts
- Avoid disclosing unnecessary personal information on niche or lightly regulated sites
- Review historical platform use, consider deleting or deactivating accounts on platforms no longer in use.
Final Thoughts: A Reminder That No Platform Is Too Small to Breach
While this particular dataset involves fewer than 2 million exposed accounts, its significance lies in the diversity of platforms breached, from engineering portals to content-sharing communities. The fragmented nature of modern digital life means users routinely maintain dozens, if not hundreds, of online accounts, and any single breach can become a foothold for broader exploitation.As attackers continue to mine public dumps for overlooked vulnerabilities, the message to users and organisations alike is clear: privacy and protection must be embedded at every layer, regardless of scale, intent, or perceived risk.