A recent investigation revealed that nearly 1.5 million explicit images from LGBT and kink dating apps were stored online without proper security, risking potential exploitation. M.A.D Mobile, which operates the affected apps, identified the issue after a cybersecurity expert alerted them, but the timeline raises concerns about user privacy and protection.
Major Security Breach Exposes 1.5 Million Private Images on LGBT and Kink Dating Apps
Major Security Breach Exposes 1.5 Million Private Images on LGBT and Kink Dating Apps
Five dating platforms are under scrutiny following the discovery of nearly 1.5 million unprotected private user images accessible online, highlighting significant security flaws.
Researchers have reported a serious security incident involving nearly 1.5 million private images uploaded to five dating apps tailored for LGBT and kink communities. These platforms, including BDSM People and Chica, were discovered to have stored explicit user photos online without password protection, posing significant risks of exposure to hackers and potential malicious actors.
The leak, affecting an estimated 800,000 to 900,000 users, was first highlighted by ethical hacker Aras Nazarovas from Cybernews. He found the vulnerability while analyzing the apps’ code, shocked by the easy access to unencrypted private photos. According to Nazarovas, the images included not only profile pictures but also private messages and even content flagged by moderators.
Despite warnings issued to M.A.D Mobile on January 20, action to mitigate the flaw was delayed until contacted by the BBC, raising questions about the company's response procedures. Once notified, M.A.D Mobile confirmed the issue had been addressed but provided no insights on how the security failure occurred.
Nazarovas expressed concerns about the implications of the data exposure, particularly for users living in areas hostile to LGBT communities, where such information could lead to targeted harassment or extortion. While text content from private messages was not exposed, the potential for malicious activity remains.
M.A.D Mobile expressed gratitude to Nazarovas for highlighting the vulnerability and mentioned that a forthcoming update would enhance security measures in the affected apps. However, they refrained from addressing queries regarding their operational base and the reasons for the protracted response to the issue.
In contrast to the usual practice of waiting for vulnerabilities to be fixed before making them public, Nazarovas and his team decided to disclose their findings immediately due to their concerns about user safety. The prevalence of similar data breaches in the past, such as the infamous Ashley Madison hack in 2015, underscores the ongoing challenges in safeguarding sensitive user data on dating platforms.
The discussion around the incident opens a broader dialogue about the importance of stringent security measures for apps, especially those catering to marginalized groups, where the consequences of exposure can be more severe.
