1 day Ago
Researchers have uncovered a staggering 1.5 million photos from niche dating apps, including explicit content, openly..
. Read More Did you know that the photos you use for your dating app profile or send to your match may no longer be private, potentially putting you at risk of being targeted by hackers? Researchers have uncovered a staggering 1.5 million photos from niche dating apps, including explicit content, openly stored online without any password protection, making them an easy target for hackers and extortionists.
These images, from five platforms developed by M.A.D Mobile, such as BDSM People, Chica, Pink, Brish, and Translove, were accessible to anyone with the link.
These platforms have an estimated user base of 800,000 to 900,000 people, BBC said in a report. M.A.
D Mobile has resolved the issue now, but no explanation has been given for how it happened or why the images were left unprotected. Ethical hacker Aras Nazarovas from Cybernews first identified the vulnerability by analyzing the app code and locating the online storage. He was shocked at how easily he could access the unencrypted photos without any password.
“The first app I checked was BDSM People, and the first image was a naked man in his thirties," Nazarovas said. “It was clear this folder should never have been public." The exposed images included not just profile pictures but also private messages and even some deleted by moderators, increasing the risk for users, according to the BBC report.
Nazarovas emphasized the significant risk to users, especially those in LGBT-hostile countries, as hackers could exploit these images for extortion. While no private message text was found stored in this way and the images were not labeled with usernames or real names, which would make targeted attacks more challenging, the risk remained. M.
A.D Mobile thanked the researcher for preventing a potential data breach but did not guarantee that Nazarovas was the only one to find the vulnerable images. “We appreciate their work and have already taken steps to address the issue," a spokesperson said.
“An additional update for the apps will be released on the App Store in the coming days." The company did not respond to further questions about their location or the delays in fixing the issue despite multiple warnings. Security researchers typically wait until vulnerabilities are fixed before publishing reports to avoid user risk.
However, Nazarovas and his team decided to alert the public while the issue was still unresolved to ensure user protection. “It’s always a tough decision, but we believe the public needs to know to protect themselves," he said. This incident echoes the 2015 Ashley Madison hack, where malicious hackers stole vast amounts of customer data from a dating site for married people seeking affairs.
.
