Nearly 1.5 Million Private Photos from Five Dating Apps Were Exposed Online

"Researchers have discovered nearly 1.5 million pictures from specialist dating apps — many of which are explicit — being stored online without password protection," reports the BBC, "leaving them vulnerable to hackers and extortionists." And the images weren't limited to those from profiles, the BBC learned from the ethical hacker who discovered the issue. "They included pictures which had been sent privately in messages, and even some which had been removed by moderators..." Anyone with the link was able to view the private photos from five platforms developed by M.A.D Mobile [including two kink/BDSM sites and two LGBT apps]... These services are used by an estimated 800,000 to 900,000 people. M.A.D Mobile was first warned about the security flaw on 20th January but didn't take action until the BBC emailed on Friday. They have since fixed it but not said how it happened or why they failed to protect the sensitive images. Ethical hacker Aras Nazarovas from Cybernews first alerted the firm about the security hole after finding the location of the online storage used by the apps by analysing the code that powers the services... None of the text content of private messages was found to be stored in this way and the images are not labelled with user names or real names, which would make crafting targeted attacks at users more complex. In an email M.A.D Mobile said it was grateful to the researcher for uncovering the vulnerability in the apps to prevent a data breach from occurring. But there's no guarantee that Mr Nazarovas was the only hacker to have found the image stash. "Mr Nazarovas and his team decided to raise the alarm on Thursday while the issue was still live as they were concerned the company was not doing anything to fix it..." Read more of this story at Slashdot.

Mar 30, 2025 - 13:30

Nearly 1.5 Million Private Photos from Five Dating Apps Were Exposed Online

"Researchers have discovered nearly 1.5 million pictures from specialist dating apps — many of which are explicit — being stored online without password protection," reports the BBC, "leaving them vulnerable to hackers and extortionists." And the images weren't limited to those from profiles, the BBC learned from the ethical hacker who discovered the issue. "They included pictures which had been sent privately in messages, and even some which had been removed by moderators..." Anyone with the link was able to view the private photos from five platforms developed by M.A.D Mobile [including two kink/BDSM sites and two LGBT apps]... These services are used by an estimated 800,000 to 900,000 people. M.A.D Mobile was first warned about the security flaw on 20th January but didn't take action until the BBC emailed on Friday. They have since fixed it but not said how it happened or why they failed to protect the sensitive images. Ethical hacker Aras Nazarovas from Cybernews first alerted the firm about the security hole after finding the location of the online storage used by the apps by analysing the code that powers the services... None of the text content of private messages was found to be stored in this way and the images are not labelled with user names or real names, which would make crafting targeted attacks at users more complex. In an email M.A.D Mobile said it was grateful to the researcher for uncovering the vulnerability in the apps to prevent a data breach from occurring. But there's no guarantee that Mr Nazarovas was the only hacker to have found the image stash. "Mr Nazarovas and his team decided to raise the alarm on Thursday while the issue was still live as they were concerned the company was not doing anything to fix it..."