![Apple Releases iOS 18.5 Beta and iPadOS 18.5 Beta [Download]](https://www.iclarified.com/images/news/96907/96907/96907-640.jpg)
![Apple Seeds watchOS 11.5 to Developers [Download]](https://www.iclarified.com/images/news/96909/96909/96909-640.jpg)
![Apple Seeds visionOS 2.5 Beta to Developers [Download]](https://www.iclarified.com/images/news/96911/96911/96911-640.jpg)
![Apple Seeds tvOS 18.5 Beta to Developers [Download]](https://www.iclarified.com/images/news/96913/96913/96913-640.jpg)
![Google brings back the Pixel Weather map [U]](https://i0.wp.com/9to5google.com/wp-content/uploads/sites/4/2024/09/Pixel-9-Pro-Fold-Pixel-Weather-app-2.jpg?resize=1200%2C628&quality=82&strip=all&ssl=1){kind=tracking}
![[The AI Show Episode 142]: ChatGPT’s New Image Generator, Studio Ghibli Craze and Backlash, Gemini 2.5, OpenAI Academy, 4o Updates, Vibe Marketing & xAI Acquires X](https://www.marketingaiinstitute.com/hubfs/ep%20142%20cover.png)
![Is this a suitable approach to architect a flutter app? [closed]](https://i.sstatic.net/4hMHGb1L.png)
Intimate images from kink and LGBTQ+ dating apps left exposed online
A number of specialized dating apps leaked the--not so--secret storage location of 1.5 Million more or less explicit images
A researcher found millions of pictures from specialized dating apps for iOS stored online without any kind of password protection.
The pictures, some of which are explicit, stem from dating apps that all have a specific audience. The five platforms, all developed by M.A.D. Mobile are kink sites BDSM People and Chica, and LGBT apps Pink, Brish, and Translove.
As we reported not too long ago, many iOS apps leak at least one hard coded secret. We consider hard coded secrets in the source code of the apps as exposed because they are relatively easy to find and abuse by cybercriminals. And those secrets can have serious consequences for the apps’ users
Cybernews’ Aras Nazarovas found the storage location (a Google Cloud Storage bucket) used by the apps by reverse engineering the code. To his surprise, he could access the unencrypted and otherwise unprotected photos without needing any password.
As soon as he saw the first image, he knew this storage should not have been public. Not only did it contain profile pictures, it also included pictures sent in private messages, including some removed by moderators.
In total, nearly 1.5 million user-uploaded images were available to anyone stumbling over the storage bucket. Although the images are not linked to any user accounts or other private information, it is not unthinkable that cybercriminals could figure out some of the identities by using commonly available face search engines.
Many of these search engines use Artificial Intelligence (AI) for facial recognition combined with reverse image search technology to find other photos of a person published online, based on a picture submitted by the user.
Although officially intended only for self-searches, many of them don’t bother to check whether that’s actually the case.
Coupled to the identity of the person in the picture, these images could expose users to extortion, as well as an increased risk of hostility. As if online dating isn’t nervewracking enough, especially for those looking in special categories, the last we need is to see our explicit images exposed.
M.A.D Mobile was warned about the leak in January, but didn’t take any action to protect the storage until the BBC contacted the company on Friday. The issue has now been fixed.
It’s important to stipulate that the apps are exclusive to iOS and do not have Android or web alternatives.
Check your digital footprint
If you want to find out what personal data of yours has been exposed online, you can use our free Digital Footprint scan. Fill in the email address you’re curious about (it’s best to submit the one you most frequently use) and we’ll send you a free report.
