Skip to content

Information Security News

  • Home
  • Cyber Security
  • Cybercriminals
  • Data Leak
  • Google
    • Android
  • Information Security
  • Linux
  • Malware
  • Microsoft
    • Windows
  • Open Source Tool
  • Vulnerability
  • Technology

Information Security News

  • Home
  • Cyber Security
  • Cybercriminals
  • Data Leak
  • Google
    • Android
  • Information Security
  • Linux
  • Malware
  • Microsoft
    • Windows
  • Open Source Tool
  • Vulnerability
  • Technology
  • Data Leak

Anonymity Stripped: Unsecured Kibana and Dozzle Dashboards Leak 22 Million FTF Live Video Chat Records

by Nam Phong · May 21, 2026

The FTF Live video-chat ecosystem, which explicitly guaranteed its consumer base absolute anonymity during randomized social interactions, has suffered a severe misconfiguration exploit exposing the volatile session metadata of millions of individuals to the public internet. Threat intelligence cells at Cybernews isolated an unauthenticated Kibana dashboard tied directly to the platform’s infrastructure, confirming that the exposure facilitated the unhindered parsing of deep analytics surrounding user identities and transport-layer configurations.

FTF Live functions as a browser-native web application hosted at ftf.live alongside a dedicated mobile framework. Such real-time communication platforms are engineered to minimize onboarding friction: users grant immediate hardware access to camera and microphone peripherals, specify a transient pseudonym coupled with topical interests, and are promptly paired with global interlocutors via an automated matchmaking loop—an architecture heavily dependent upon the platform’s ironclad promises of anonymity.

Per forensics compiled by Cybernews, the unsecured Kibana instance exposed data records charting in excess of 22 million discrete connection events. Approximately 3.47 million of these data points harbored explicit usernames or distinct identifiers mapped to active electronic mail coordinates. The data exposure similarly comprised rich host environment configurations—including device nomenclature, operating system classifications, browser user-agent strings, and hardware platform metrics—alongside public IP addresses, granular routing logs, geopolitical geolocations, localized linguistic settings, user tier classifications, and, critically for premium subscribers, structural billing and payment transaction records.

While investigators validated that the raw real-time multimedia streams themselves escaped public exposure, the exfiltrated metadata clusters proffer sufficient analytical leverage to dynamically track and de-anonymize individuals across multiple distinct connection cycles—a correlation particularly potent when cross-referencing persistent IP addresses, static profile names, and rigid device signatures. Within the paradigm of a randomized chat utility, this specific dataset possesses heightened sensitivity, given that the user base routinely engaged in intimate or highly candid interactions under the explicit assumption of absolute digital privacy.

This exposure introduced severe downstream hazards for highly vulnerable demographics, including LGBTQ+ communities navigating oppressive regulatory regimes, minors, and individuals exchanging sensitive personal disclosures. The aggregated telemetry provides adversarial syndicates with a comprehensive staging ground to execute targeted spear-phishing campaigns, persistent surveillance operations, financial extortion schemes, and credential-stuffing incursions.

During the containment and triaging phase, Cybernews isolated a secondary unsecured service operating within the identical infrastructure core. Dozzle, a lightweight utility designed to stream real-time Docker container logs directly to a browser viewport, was discovered accessible entirely absent authentication controls. This management exposure facilitated the real-time, public streaming of FTF Live’s internal core application daemons.

These active log files, according to Cybernews, routinely rendered plaintext administrative passwords, active session tokens, un-sanitized internal API queries, operational subsystem events, and internal network architecture manifests. This specific operational failure compounded the severity of the primary data exposure, as it empowered malicious onlookers to dynamically monitor the internal execution state of the back-end infrastructure concurrent with live user engagement.

Security analysts deduce that the simultaneous exposure of the historical Kibana datastore and the live Dozzle log-streaming framework presented an absolute security collapse for FTF Live. The former asset systematically exposed historical aggregated analytics, whereas the latter provided a real-time blueprint of active, low-level internal server operations.

The precise absolute scale of the compromise remains challenging to independently validate. While the underlying indices indicate a historical exposure field encompassing millions of identities, adjacent digital traffic metrics from Semrush document a more conservative baseline, logging roughly 608,000 monthly visits during April 2026, with an average engagement duration exceeding seven minutes. The Android iteration of FTF Live was introduced to the Google Play Store on April 5, rapidly accumulating 5,000 installations prior to its recent, abrupt extraction from the marketplace by Google’s compliance teams.

Temporal markers embedded within the exposed index databases reveal that data harvesting was continuous up until its discovery in late 2025. Legacy entries confirm that the historical data preservation architecture spanned multiple fiscal cycles. The absolute temporal window during which these administrative control panels remained exposed to opportunistic internet scanning remains unquantified.

Cybernews initiated responsible disclosure processes with the organization, yet the platform maintainers failed to proffer an official response prior to publication. The underlying corporate ownership matrix behind the asset remains profoundly labyrinthine. Regulatory filings indicate the Android framework was deployed under the corporate banner of Burhan LTD, an entity also credited with publishing the Descargar Musica Mp3 Tones application suite—boasting over 10 million downloads—alongside the active Pink Video Chat utility. Conversely, the core privacy documentation designates Cyprus-registered Cooy Ads Ltd. as the principal data controller, while secondary technical support structures and brand assets are explicitly tied to an entity trading as Pixover.

Cybernews initially cataloged the structural anomaly on December 12, 2025, subsequently escalating the compromise to regional CERT authorities on January 1, 2026, to enforce systemic remediation.

Related coverage

  • Android Signing Key Leak Exposes 278 Apps to Fake Updates
  • Apple Hide My Email Vulnerability Exposes Real Addresses
  • BioShocking: How a Fake Game Tricks AI Browsers Into Leaking Secrets
  • Libya Central Bank Breach Leaks Internal Data
  • Temu Data Leak Claim: 310M Records for Sale

Support Our Threat Intelligence

If you find our technology report and cybersecurity news helpful, consider supporting our work.

Buy Me a Coffee Logo Buy Me a Coffee PayPal
Crypto QR Code
USDT (TRC20):
TN8BdV8cp4T1Cd28gK9qTAnZknzzuwyUtm
USDT (ERC20):
0x3725e1a7d3bc5765499fa6aaafe307fabcd75bce

Share

Tags: Burhan LTDCooy Ads LtdData Leak CybernewsDe-anonymization RiskDozzle Docker LogsFTF Live Video ChatReal-time Token LeakRegional CERT EscalationSession Metadata ExposureUnsecured Kibana Dashboard

Follow:

  • Next story The Pre-Boot Breach: Microsoft Releases Critical Emergency Script to Defend Against “YellowKey” BitLocker Bypass
  • Previous story The Egress Hijack: How the Kimwolf Botnet Weaponized Commercial Residential Proxies for Mass Cyber Attacks

  • Recent Posts
  • Popular Posts
  • Tags
  • Favicon attack surface intelligence and server discovery graphics

    Vulnerability

    Uncovering the Favicon Attack Surface

    July 7, 2026

  • T3MP3ST vulnerability framework architecture and autonomous AI agent workflow

    Open Source Tool

    The T3MP3ST Vulnerability Framework

    July 7, 2026

  • uBlock Origin new filters blocking ClickFix malware pop-ups and BNB Chain testnet requests

    Malware

    uBlock Origin Blocks ClickFix Malware Pop-ups

    July 7, 2026

  • GamersFirst Anti-Cheat GFAC driver CVE-2026-12168 kernel privilege escalation to SYSTEM

    Vulnerability

    GamersFirst Anti-Cheat Driver Has 3 CVEs in Windows

    July 7, 2026

  • FatFs vulnerabilities in embedded devices triggered by crafted SD card or USB drive

    Vulnerability

    7 FatFs Bugs Threaten Embedded Devices via Removable Media

    July 6, 2026

  • Iranian cyberattacks on Israel cyber war graphic

    Cyber Security

    Iranian Cyberattacks on Israel Triple in 2026

    July 2, 2026

  • SolydXK 10.4 released: based on Debian Buster

    Linux

    SolydXK 10.4 released: based on Debian Buster

    September 27, 2019

  • OpenSUSE Leap 15.4 Beta releases, Linux distributions

    Linux

    OpenSUSE Leap 15.4 Beta releases, Linux distributions

    May 30, 2020

  • Ubuntu 16.04.6 LTS released: fix security vulnerabilities

    Linux

    Ubuntu 16.04.6 LTS released: fix security vulnerabilities

    March 1, 2019

  • GhostBSD 23.10.1 released, FreeBSD distribution

    Linux

    GhostBSD 23.10.1 released, FreeBSD distribution

    May 1, 2020

  • AI AI security Android Apple APT BOTNET China CISA cloud security cryptocurrency cyberattack cybercrime Cyber Espionage cybersecurity Cybersecurity 2026 data breach Github google hacking Infosec InfoSec 2026 Infostealer Linux Linux Kernel malware Microsoft network security open source Penetration Testing phishing privacy privilege escalation Prompt Injection ransomware RCE remote code execution security Social Engineering supply chain attack Tech News 2026 threat intelligence vulnerability windows Windows 11 zero-day
  • Home
  • About Us
  • Contact Us
  • DMCA NOTICE
  • Privacy Policy

Information Security News © 2026. All Rights Reserved.

Powered by  - Designed with Hueman Pro