Nearly 1.5 million explicit images from user profiles on five dating apps, including BDSM People and Chica, were found online without password protection, prompting calls for increased security measures.
Major Security Breach Exposes 1.5 Million Private Images from Dating Apps
Major Security Breach Exposes 1.5 Million Private Images from Dating Apps
Research reveals unprotected user photos from kink and LGBT dating applications, raising concerns over data security and potential extortion risks.
Researchers have uncovered a significant security flaw affecting five dating apps associated with kink and LGBT communities, revealing that approximately 1.5 million private user images were stored online without any password protection. This alarming discovery puts users at risk of malicious hacking and potential extortion, particularly in regions where LGBT individuals are marginalized.
The investigation, led by ethical hacker Aras Nazarovas from Cybernews, found images linked to BDSM People, Chica, and other niche platforms developed by M.A.D Mobile. Users of these services, estimated to number between 800,000 and 900,000, have been left vulnerable after being warned about security issues as early as January 20. Despite the warning, M.A.D Mobile did not act until contacted by the BBC on Friday.
Mr. Nazarovas described the ease of accessing the unencrypted images after analyzing the apps' underlying code. "I was shocked to find the folder publicly accessible,” he stated. The images included not only profile pictures but also private messages and previously moderated content. The lack of labeling with user identities complicates straightforward targeting for malicious actors, although the risk remains significant.
M.A.D Mobile expressed gratitude toward Nazarovas for highlighting the vulnerability but has remained opaque about the origins of the security lapse and why it took months to implement a fix. "We appreciate their work and have already taken the necessary steps to address the issue," stated a company representative, with an update promised in the coming days. Despite these assurances, concerns persist that additional hackers may have also discovered the exposed images.
Security researchers typically wait for a flaw to be rectified before making it public; however, given the potential risks faced by users, Nazarovas prioritized alerting individuals to protect themselves, noting, "It’s always a difficult decision, but we think the public needs to know." This incident echoes historical breaches, such as the 2015 Ashley Madison hack, underscoring the ongoing threats faced by users of dating applications in today's digital landscape.
