Researchers have unveiled a shocking security breach involving nearly 1.5 million personal images from dating apps tailored for kink and LGBT communities. The images, many explicit, were stored online without any password protection, leaving them wide open to prying eyes, hackers, and extortionists. The affected apps, developed by M.A.D Mobile, include BDSM People, Chica, Pink, Brish, and Translove, which are estimated to have between 800,000 and 900,000 users.
The vulnerability was first flagged back on January 20, but M.A.D Mobile only took action after a BBC inquiry last Friday. Although the company has now patched the issue, it hasn't disclosed how such a major oversight occurred. Ethical hacker Aras Nazarovas, who reported the flaw, was stunned to access unencrypted and unprotected images without any security barriers.
Nazarovas explained that the private images included not only profile pictures but also those shared in messages, some of which had already been deleted by moderators. He emphasized the potential risks for users, particularly individuals in regions where LGBT identities may be met with hostility. While the images were not associated with usernames, the possibility of targeted attacks still looms.
Expressing gratitude to Nazarovas, M.A.D Mobile acknowledged the breach and has committed to releasing an app update soon. However, the company has not provided clarity on its location or why it took so long to rectify the issue after users were initially alerted. In a bold move, Nazarovas and his team chose to go public with the story before a fix was fully implemented, fearing that the company might remain inactive.
This incident echoes past data breaches, such as the infamous Ashley Madison hack in 2015, which compromised sensitive information of users on a cheating website. Awareness and swift action are critical to safeguarding the privacy of individuals in the increasingly digital dating landscape.