Nearly 1.5 million explicit user images from specialized dating apps were found online without protection, prompting security concerns for users. M.A.D Mobile was alerted to the issue but delayed rectification until further pressure from researchers brought attention to the lapse in security.
Security Breach Exposes 1.5 Million Private Images from LGBT and Kink Dating Apps
Security Breach Exposes 1.5 Million Private Images from LGBT and Kink Dating Apps
Researchers uncovered a major security flaw, leaving sensitive images from various dating platforms vulnerable to online exposure and potential exploitation.
Nearly 1.5 million private user images have been exposed online due to a significant security flaw from five dating apps catering to niche communities, including LGBT and kink interests. Researchers highlighted that the unprotected images, many of a sensitive nature, were available to anyone possessing the link, putting users at heightened risk of extortion and unwarranted exposure.
The affected applications—BDSM People, Chica, Pink, Brish, and Translove—are services developed by M.A.D Mobile, utilized by a user base estimated at between 800,000 and 900,000 individuals. M.A.D Mobile has faced scrutiny after being alerted to the security vulnerability on January 20; the company only took action after receiving an email from the BBC, which escalated concerns regarding user safety.
Ethical hacker Aras Nazarovas from Cybernews initially flagged the security issue when he discovered the online storage used by these apps was unencrypted and publicly accessible. Upon inspection, he was taken aback by the availability of explicit images, including private photos that should have remained confidential. "The first app I investigated was BDSM People, and immediately I recognized the enormity of the breach," he said.
Nazarovas expressed his concerns about the potential risks for users, emphasizing that malicious hackers could exploit this vulnerability for extortion, particularly affecting individuals in countries where LGBT rights are under severe threat. Fortunately, while the images were accessible, they lacked user names or other identifiable information, complicating any targeted attacks against individuals.
In a response to inquiries about the issue, M.A.D Mobile acknowledged the vulnerability and stated they appreciated the research efforts that led to the quick identification of the security gap. However, questions remain as to why there was a prolonged period without action after being informed of the breach multiple times. The company has since made corrections, claiming an additional update for the applications will be available soon.
The timely broader awareness provided by Nazarovas and his team highlights the critical nature of data security, especially in an era where individuals rely on online platforms for personal interactions. The decision to disclose the vulnerability while it remained unaddressed was made out of concern for user safety—a difficult yet necessary call to arms in the world of digital privacy.
