More than 22 million records linked to users of anonymous video chat platform FTF Live were reportedly exposed after publicly accessible analytics and logging systems were discovered online.
The exposure allegedly affected approximately 22 million session records and included information tied to roughly 3.47 million identifiable users.
FTF Live markets itself as an anonymous random video chat platform that connects users through web and mobile applications.
Analytics platform exposed millions of sessions
According to publicly disclosed findings, an internet-accessible Kibana dashboard exposed user analytics and metadata associated with millions of platform sessions.
The exposed information reportedly included usernames, email-related identifiers, IP addresses, device information, session details, language settings, and location-related metadata.
While no video conversations were reported as exposed, the data could potentially allow user activity to be linked back to specific individuals, undermining the anonymity promoted by the platform.
Backend logging systems exposed sensitive credentials
The incident reportedly extended beyond analytics data. An exposed Dozzle logging instance allegedly provided visibility into backend application activity and operational systems.
According to the findings, the logs contained plaintext passwords, session tokens, internal API requests, and additional service telemetry that could potentially aid unauthorized access attempts.
The combination of exposed user metadata and backend credentials significantly increased the potential impact of the exposure.
Questions remain about platform oversight
The ownership structure behind FTF Live reportedly spans multiple corporate entities, making accountability and disclosure efforts more complicated.
At the time the exposure was reported, it remained unclear how long the systems had been publicly accessible or whether unauthorized parties accessed the information before it was secured.
The incident also highlights broader concerns surrounding platforms that advertise anonymous communications while collecting large volumes of user metadata capable of identifying individual users.
BreachNews recently reported on the alleged OnlyFans mega leak, another incident that raised concerns about privacy expectations and sensitive online activity.
Users concerned about possible exposure can review our guide on responding to a data breach notification.
