A security flaw in five dating apps, including those targeted towards the LGBT and kink communities, has resulted in the exposure of approximately 1.5 million user images. Ethical hackers notified the company M.A.D Mobile, who have since fixed the issue but have not provided a clear explanation for the breach.
Major Security Breach Exposes 1.5 Million User Images from Dating Apps
Major Security Breach Exposes 1.5 Million User Images from Dating Apps
A shocking vulnerability has been found in several dating apps, exposing nearly 1.5 million private images that were accessible without password protection, raising serious concerns about user privacy and security.
Researchers have revealed that nearly 1.5 million private images from various niche dating apps were left unprotected online, creating a significant risk for users. The affected platforms, which include BDSM People, Chica, Pink, Brish, and Translove, are estimated to serve a combined user base of 800,000 to 900,000 individuals. Many of the exposed images are explicit and accessible via direct links without the need for any password safeguards.
The issue came to light after ethical hacker Aras Nazarovas from Cybernews discovered the security lapse while examining the code of these apps. He was alarmed to find unencrypted images, including private messages and previously moderated content, publicly available. "The first app I investigated was BDSM People, and seeing that naked image confirmed this folder should not have been public," he stated, highlighting the sensitive nature of the material.
These significant security shortcomings pose immense risks for users, especially for those in regions with anti-LGBT sentiments, as malicious hackers could exploit this trove of images for extortion. M.A.D Mobile was first alerted to the vulnerability in January but failed to take adequate measures until prompted by the BBC last Friday. Although the issue has since been rectified, M.A.D Mobile has offered little insight into the cause of the breach or their delayed response.
In an official statement, the company expressed appreciation for the researcher’s efforts in identifying the vulnerability but did not elaborate on whether other hackers had exploited this flaw first. "We appreciate their work and have already taken the necessary steps to address the issue," a spokesperson for M.A.D Mobile mentioned. An additional app update is expected to roll out soon to further secure user information.
Generally, security researchers delay public disclosures of vulnerabilities to avoid risking user safety. However, in light of what they perceived as a lack of urgency from M.A.D Mobile in rectifying the flaw, Nazarovas and his team made the controversial decision to inform the public. "It's always a difficult decision, but we think the public needs to know to protect themselves," he remarked.
This incident draws parallels to previous data breaches, such as the notorious 2015 hack of Ashley Madison, which similarly compromised the privacy of users of a dating platform. The incident has reignited discussions on the importance of robust security measures within online dating and social networking spaces.
