- Five kink and LGBT apps exposed sensitive user images
- The images were stored on a server without password protection
- The apps' developer left the issue unfixed for months
Five dating apps exposed over 1.5 million private and explicit images after storing the images in cloud storage buckets without any password protection.
Cybersecurity researchers found the image servers of BDSM People, Chica, Pink, Brish and Translove to be highly vulnerable to hackers, putting between 800,000 and 900,000 people at risk of blackmail and extortion.
The five sites are all from developer M.A.D Mobile, who was notified of the exposed servers on January 20 but did not remediate the issue until March 28, after the cybersecurity researchers published a report on the exposed servers.
Explicit images exposed
Cybernews researcher Aras Nazarovas discovered the exposed private image servers while conducting analysis on the code that powers the BDSM People app.
“The first image in the folder was a naked man in his thirties. As soon as I saw it I realised that this folder should not have been public," Nazarovas told the BBC.
On the servers, Nazarovas found several hundred gigabytes of photos, including images from profiles, images sent in direct messages, images that were supposedly removed from the app by moderators, photos from public posts, profile verification photos, and photos included in comments.
While the issue has now been remediated, there is no way of knowing how long the servers were exposed, or if Nazarovas was the only person to discover the trove of explicit images.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
A M.A.D Mobile spokesperson said, “We appreciate their work and have already taken the necessary steps to address the issue. An additional update for the apps will be released on the App Store in the coming days.”
Outside of the risk of extortion posed by the unprotected cloud storage buckets, users of the apps in countries with hostile attitudes to LGBT peoples were also put at risk.
Dating apps and sites are lucrative targets for hackers due to the highly sensitive personally identifiable information they store. If hit by a ransomware attack, the attackers could not only extort the company for money, but also threaten individuals with the exposure of their data if they don’t pay a fee.
You might also like
- World Backup Day 2025: All the news, updates and advice from our experts
- These are the best cloud backup services
- Data breach at Senior Dating website spills info of 765,000 users
Benedict Collins
Staff Writer (Security)
Benedict has been writing about security issues for over 7 years, first focusing on geopolitics and international relations while at the University of Buckingham. During this time he studied BA Politics with Journalism, for which he received a second-class honours (upper division), then continuing his studies at a postgraduate level, achieving a distinction in MA Security, Intelligence and Diplomacy. Upon joining TechRadar Pro as a Staff Writer, Benedict transitioned his focus towards cybersecurity, exploring state-sponsored threat actors, malware, social engineering, and national security. Benedict is also an expert on B2B security products, including firewalls, antivirus, endpoint security, and password management.
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.
More about security
Latest
See more latest
Most Popular
