A staggering 1.5 million images, including explicit content, from kink and LGBT dating apps were discovered online, vulnerable to unauthorized access. Researchers alerted the company responsible for the breach, prompting a fix after months of negligence, impacting thousands of users.
Major Security Flaw Exposes 1.5 Million Private Images from Kink and LGBT Dating Apps
Major Security Flaw Exposes 1.5 Million Private Images from Kink and LGBT Dating Apps
Sensitive user images from five dating platforms were found online without protection, raising significant privacy concerns.
In a troubling revelation, researchers have uncovered an alarming security flaw affecting five dating applications tailored to kink and LGBT communities, leading to nearly 1.5 million private user images being stored online without any password protection. These images, many of which contain explicit content, were left exposed and accessible to anyone with the link, significantly risking the privacy of the users they belong to.
The affected applications were developed by M.A.D Mobile and include BDSM People, a kink-based site, as well as LGBT-focused platforms such as Chica, Pink, Brish, and Translove. Approximately 800,000 to 900,000 individuals are believed to use these services, heightening the urgency for enhanced security measures.
The security vulnerability was initially reported to M.A.D Mobile on January 20, yet the company delayed action until receiving a follow-up email from a BBC representative. M.A.D Mobile has since patched the issue, but they have not disclosed the cause of the security lapse or the reasons behind their failure to protect these sensitive images for so long.
Ethical hacker Aras Nazarovas from Cybernews, who initially detected the security issue, expressed his shock at the ease of access to unencrypted and unprotected photos. "The first app I investigated was BDSM People, and the first image in the folder was a naked man in his thirties," he explained. "As soon as I saw it, I realized that this folder should not have been public."
This alarming discovery poses significant risks for users, particularly those residing in countries that are hostile toward LGBT individuals. Malicious hackers could exploit the leaked images for extortion, raising concerns not only about privacy but also personal safety.
While M.A.D Mobile publicly thanked Nazarovas for bringing the issue to their attention, they did not provide further details regarding the company’s location or the timeline of their negligence. As security researchers typically refrain from reporting vulnerabilities until they are resolved, Nazarovas and his team faced a difficult choice in alerting the public early due to concerns that the company might not act promptly.
This incident bears a haunting resemblance to the infamous 2015 Ashley Madison data breach, where a considerable amount of sensitive user information was stolen. As the debate surrounding cybersecurity continues, this case serves as a stark reminder of the imperative need for robust protection measures within digital dating platforms.
