Researchers have revealed a significant data breach involving kink and LGBT dating apps, where private images were accessible online without protection. M.A.D Mobile, the company behind the affected platforms, acted after being alerted by cybersecurity experts but has not explained the delay in addressing the vulnerability.
Security Breach Exposes 1.5 Million Private Images from Kink and LGBT Dating Apps
Security Breach Exposes 1.5 Million Private Images from Kink and LGBT Dating Apps
A shocking security lapse has left nearly 1.5 million private user images from five notorious dating apps exposed online, raising serious concerns about user safety.
Researchers have uncovered a disturbing security vulnerability affecting nearly 1.5 million private photos from several kink and LGBT dating apps. The exposed images, many of which contain explicit content, were found online without any password protection, making them easily accessible to anyone with the link. The breach involves five platforms operated by M.A.D Mobile, including BDSM People, Chica, Pink, Brish, and Translove.
Approximately 800,000 to 900,000 users engage with these dating services, which cater to niche communities. The issue was first flagged by ethical hacker Aras Nazarovas from Cybernews on January 20, but M.A.D Mobile failed to act until contacted by the BBC last Friday. Following this, the company has since remedied the issue but has not clarified how such sensitive data was left unprotected in the first place.
Nazarovas expressed astonishment at the discovery, stating that the first image he viewed was a private photo of an individual that should have remained confidential. He noted that the storage folder contained not only profile pictures but private messages and images, some of which had even been removed by moderators.
The implications of this breach could be severe, especially for users living in countries where LGBT identities are met with hostility. Extortion by hackers is a real concern as malicious actors could have exploited this unsecured access to threaten users. Despite the absence of user names or personal identifiers attached to the images, the vulnerability poses considerable risk.
M.A.D Mobile released a statement acknowledging the vulnerability highlighted by Nazarovas and assured that corrective measures were being taken. However, they did not elaborate on the timeline for the breach or the reasons behind the delay in fixing it after receiving warnings from security researchers.
Traditionally, cybersecurity experts opt to wait until vulnerabilities are addressed before publicly reporting them to avoid jeopardizing user safety. However, due to M.A.D Mobile's inaction, Nazarovas and his team chose to warn the public immediately to help protect users from potential harms.
This incident draws parallels to the infamous 2015 Ashley Madison breach, where sensitive user data was exploited by hackers, showcasing the ongoing challenges in securing personal information on dating platforms.
