A double fault that hits all the FTF Live infrastructure.
Video chat FTF Live promised users anonymous conversations with random people, but due to an error in the settings, these millions of sessions were available to any person on the Internet. Cybernews specialists found an open Kibanasection of Kibana related to the service, and found that through it it was possible to view detailed information about users and their connections.
FTF Live works in the browser on the site ftf.live and through a mobile application. Such services usually allow you to start a conversation almost immediately: the user gives access to the camera and the microphone, chooses a name and interests, after which the system connects it with strangers from different countries. The creators of the platform at the same time promised anonymity.
According to Cybernews, the Kibana section showed records of more than 22 million sessions. Approximately 3.47 million records contained user names or identifiers related to email addresses. The leak also included the names and types of devices, information about the browser and platform, IP addresses, connection data, country and language, gender, type of account, and for paying users also data related to invoices and payment.
The initial video chats, according to experts, were not publicly available. However, some service data could be enough to track people in different sessions, especially if IP addresses, usernames and device information were available. For the service of random video calls, such a dataset is especially sensitive, since users could discuss personal topics or conduct frank conversations, counting on anonymity.
A particular risk arose for vulnerable groups, including LGBTQ users in countries with strict restrictions, minors and people who discussed sensitive topics. The leak could help the attackers in phishing, surveillance, fraud and attempts to hack accounts.
During the inspection, Cybernews also found a second open service on the same infrastructure. Dozzle, a tool that allows you to view Docker container logs in the browser, was available without logging in. Through it, in real time, the journals of internal services FTF Live were opened.
In these journals, according to Cybernews, there were open passwords, session tokens, internal requests for software interfaces, service events and information about the infrastructure. Such a mistake sharply increased the seriousness of the incident, since an outsider could monitor the operation of internal systems while users were working with the platform.
Experts believe that the combination of open Kibana and Dozzle has created a severe security risk for FTF Live. The first service disclosed the accumulated analytics, and the second showed the work of internal systems in real time.
The scale of the leak cannot yet be confirmed independently. The data themselves indicate that the service could affect millions of users, although, according to Semrush statistics, in April 2026 the service received a little more than 608 thousand visits per month, and the average session lasted more than 7 minutes. The Android application FTF Live appeared on Google Play on April 5 and scored 5 thousand downloads, after which the store recently deleted the application.
According to the temporary labels in the indices, it can be seen that the data continued to be collected before they were discovered at the end of 2025. Earlier records show that the data could have been stored for several years. How long the open panels were available on the Internet is unknown.
Cybernews contacted the company, but by the time of publication, the answer had not received. The structure of ownership of the platform also looks confusing. The Android application, according to Cybernews, was released on behalf of Burhan LTD, which also published Descargar Music Map Map Ones applications with more than 10 million downloads and Pink Video Chat available on Google Play. The data operator’s privacy policy lists Cyprus Cooy Ads Ltd., and support and brand design are linked to the name Pixover.
Cybernews first reported the issue on December 12, 2025, and on January 1, 2026, CERT was notified.
Video chat FTF Live promised users anonymous conversations with random people, but due to an error in the settings, these millions of sessions were available to any person on the Internet. Cybernews specialists found an open Kibanasection of Kibana related to the service, and found that through it it was possible to view detailed information about users and their connections.
FTF Live works in the browser on the site ftf.live and through a mobile application. Such services usually allow you to start a conversation almost immediately: the user gives access to the camera and the microphone, chooses a name and interests, after which the system connects it with strangers from different countries. The creators of the platform at the same time promised anonymity.
According to Cybernews, the Kibana section showed records of more than 22 million sessions. Approximately 3.47 million records contained user names or identifiers related to email addresses. The leak also included the names and types of devices, information about the browser and platform, IP addresses, connection data, country and language, gender, type of account, and for paying users also data related to invoices and payment.
The initial video chats, according to experts, were not publicly available. However, some service data could be enough to track people in different sessions, especially if IP addresses, usernames and device information were available. For the service of random video calls, such a dataset is especially sensitive, since users could discuss personal topics or conduct frank conversations, counting on anonymity.
A particular risk arose for vulnerable groups, including LGBTQ users in countries with strict restrictions, minors and people who discussed sensitive topics. The leak could help the attackers in phishing, surveillance, fraud and attempts to hack accounts.
During the inspection, Cybernews also found a second open service on the same infrastructure. Dozzle, a tool that allows you to view Docker container logs in the browser, was available without logging in. Through it, in real time, the journals of internal services FTF Live were opened.
In these journals, according to Cybernews, there were open passwords, session tokens, internal requests for software interfaces, service events and information about the infrastructure. Such a mistake sharply increased the seriousness of the incident, since an outsider could monitor the operation of internal systems while users were working with the platform.
Experts believe that the combination of open Kibana and Dozzle has created a severe security risk for FTF Live. The first service disclosed the accumulated analytics, and the second showed the work of internal systems in real time.
The scale of the leak cannot yet be confirmed independently. The data themselves indicate that the service could affect millions of users, although, according to Semrush statistics, in April 2026 the service received a little more than 608 thousand visits per month, and the average session lasted more than 7 minutes. The Android application FTF Live appeared on Google Play on April 5 and scored 5 thousand downloads, after which the store recently deleted the application.
According to the temporary labels in the indices, it can be seen that the data continued to be collected before they were discovered at the end of 2025. Earlier records show that the data could have been stored for several years. How long the open panels were available on the Internet is unknown.
Cybernews contacted the company, but by the time of publication, the answer had not received. The structure of ownership of the platform also looks confusing. The Android application, according to Cybernews, was released on behalf of Burhan LTD, which also published Descargar Music Map Map Ones applications with more than 10 million downloads and Pink Video Chat available on Google Play. The data operator’s privacy policy lists Cyprus Cooy Ads Ltd., and support and brand design are linked to the name Pixover.
Cybernews first reported the issue on December 12, 2025, and on January 1, 2026, CERT was notified.
