A significant security flaw has been revealed as researchers discovered nearly 1.5 million private user images from various dating apps made accessible online, prompting serious discussions on user privacy and security.
**Security Breach Exposes 1.5 Million Private Images from Kink and LGBT Dating Apps**
**Security Breach Exposes 1.5 Million Private Images from Kink and LGBT Dating Apps**
Newly uncovered vulnerability leaves users' explicit photos exposed, raising concerns about online safety.
Researchers recently uncovered a serious security vulnerability that has left private images from several dating apps—including kink and LGBT platforms—exposed online. Almost 1.5 million images, many of which contain explicit content, were made publicly accessible due to a lack of password protection on the servers of five specific applications developed by M.A.D Mobile, including BDSM People, Chica, Pink, Brish, and Translove.
These dating apps cater to an estimated user base of around 800,000 to 900,000 individuals. The issue came to light after ethical hacker Aras Nazarovas from Cybernews discovered the online storage insecurity while analyzing the apps' code. He was alarmed to find that these sensitive, unencrypted, and unprotected photos were freely accessible without any authentication.
Among the images found were not just profile pictures, but also private photos exchanged in messages as well as images that had previously been removed by moderators. Nazarovas warned that the potential risks to users are substantial, including the possibility of hackers using the exposed images for extortion, especially for individuals residing in oppressive regimes against LGBT rights.
Although M.A.D Mobile was first alerted to the security issue in January, they only rectified it after being contacted by the BBC. While the company has acknowledged fixing the issue, they have declined to provide details on why it took so long to act or how the breach occurred in the first place.
In response to the situation and potential dangers it posed, Nazarovas emphasized the difficult decision made by researchers to disclose the vulnerability publicly while it was still live, prioritizing user safety over traditional disclosure protocols. Historically, similar breaches affecting dating platforms, such as Ashley Madison, have raised alarm bells regarding user privacy, making this revelation particularly concerning for the community.
These dating apps cater to an estimated user base of around 800,000 to 900,000 individuals. The issue came to light after ethical hacker Aras Nazarovas from Cybernews discovered the online storage insecurity while analyzing the apps' code. He was alarmed to find that these sensitive, unencrypted, and unprotected photos were freely accessible without any authentication.
Among the images found were not just profile pictures, but also private photos exchanged in messages as well as images that had previously been removed by moderators. Nazarovas warned that the potential risks to users are substantial, including the possibility of hackers using the exposed images for extortion, especially for individuals residing in oppressive regimes against LGBT rights.
Although M.A.D Mobile was first alerted to the security issue in January, they only rectified it after being contacted by the BBC. While the company has acknowledged fixing the issue, they have declined to provide details on why it took so long to act or how the breach occurred in the first place.
In response to the situation and potential dangers it posed, Nazarovas emphasized the difficult decision made by researchers to disclose the vulnerability publicly while it was still live, prioritizing user safety over traditional disclosure protocols. Historically, similar breaches affecting dating platforms, such as Ashley Madison, have raised alarm bells regarding user privacy, making this revelation particularly concerning for the community.
