A recent security breach involving dating platforms targeting the kink and LGBT communities has put around 1.5 million private images at risk, exposing users to potential hacking and extortion. Despite receiving warnings about the vulnerability months prior, M.A.D Mobile, the developer, only acted after media inquiries brought it to light.
Major Security Breach Exposes 1.5 Million Private Images from Kink and LGBT Dating Apps
Major Security Breach Exposes 1.5 Million Private Images from Kink and LGBT Dating Apps
A shocking security flaw has left nearly 1.5 million sensitive user images from popular dating apps exposed online, raising concerns about potential exploitation and harassment.
In a disturbing revelation, researchers have uncovered a significant security breach involving nearly 1.5 million private user images from five specialized dating apps, including the kink-oriented BDSM People and the LGBT-focused Pink, Brish, Chica, and Translove. All of these platforms have been using unprotected storage for sensitive pictures, rendering them accessible to anyone with the appropriate link.
The affected apps cater to approximately 800,000 to 900,000 users, and many of the exposed images are explicit in nature. Ethical hacker Aras Nazarovas from Cybernews, who brought the vulnerability to light, expressed his shock at how easily he could access the unencrypted images without any form of password protection. "The first app I investigated was BDSM People, and I immediately realized that the folder containing sensitive images should not have been public," he stated.
Despite warnings sent to M.A.D Mobile about the security gaps back on January 20th, the company only took appropriate actions after receiving inquiries from the BBC last Friday. Although they have reportedly resolved the issue, they have not disclosed how the lapse occurred nor why it took them so long to respond.
Nazarovas highlighted the significant risks users were facing due to the exposure. Malicious individuals could use the images for extortion, and users in countries where LGBT identities are criminalized could face severe repercussions.
A spokesperson from M.A.D Mobile acknowledged the gravity of the situation, thanking Nazarovas for identifying the vulnerability but did not address additional inquiries about the company’s location or the delayed response time. They did note that an app update addressing the issue is forthcoming.
Typically, security researchers opt to remain silent until a vulnerability is resolved to prevent user harm; however, Nazarovas and his team decided to go public with their findings before a fix was implemented due to concerns over the app’s apparent inaction.
This breach echoes the notorious 2015 leak of Ashley Madison user data, reminding users of the ongoing risks associated with online dating platforms and the importance of robust data protection measures in today’s digital landscape.
