Major dating app data breach may have exposed 1.5 million private user images online

News
By published

Kink and LGBT dating apps exposed millions of images

Data Breach
Image Credit: Shutterstock (Image credit: Shutterstock)
  • Five kink and LGBT apps exposed sensitive user images
  • The images were stored on a server without password protection
  • The apps' developer left the issue unfixed for months

Five dating apps exposed over 1.5 million private and explicit images after storing the images in cloud storage buckets without any password protection.

Cybersecurity researchers found the image servers of BDSM People, Chica, Pink, Brish and Translove to be highly vulnerable to hackers, putting between 800,000 and 900,000 people at risk of blackmail and extortion.

The five sites are all from developer M.A.D Mobile, who was notified of the exposed servers on January 20 but did not remediate the issue until March 28, after the cybersecurity researchers published a report on the exposed servers.

Explicit images exposed

Cybernews researcher Aras Nazarovas discovered the exposed private image servers while conducting analysis on the code that powers the BDSM People app.

“The first image in the folder was a naked man in his thirties. As soon as I saw it I realised that this folder should not have been public," Nazarovas told the BBC.

On the servers, Nazarovas found several hundred gigabytes of photos, including images from profiles, images sent in direct messages, images that were supposedly removed from the app by moderators, photos from public posts, profile verification photos, and photos included in comments.

While the issue has now been remediated, there is no way of knowing how long the servers were exposed, or if Nazarovas was the only person to discover the trove of explicit images.

A M.A.D Mobile spokesperson said, “We appreciate their work and have already taken the necessary steps to address the issue. An additional update for the apps will be released on the App Store in the coming days.”

Outside of the risk of extortion posed by the unprotected cloud storage buckets, users of the apps in countries with hostile attitudes to LGBT peoples were also put at risk.

Dating apps and sites are lucrative targets for hackers due to the highly sensitive personally identifiable information they store. If hit by a ransomware attack, the attackers could not only extort the company for money, but also threaten individuals with the exposure of their data if they don’t pay a fee.

You might also like

Benedict Collins
Benedict Collins
Staff Writer (Security)

Benedict has been writing about security issues for over 7 years, first focusing on geopolitics and international relations while at the University of Buckingham. During this time he studied BA Politics with Journalism, for which he received a second-class honours (upper division), then continuing his studies at a postgraduate level, achieving a distinction in MA Security, Intelligence and Diplomacy. Upon joining TechRadar Pro as a Staff Writer, Benedict transitioned his focus towards cybersecurity, exploring state-sponsored threat actors, malware, social engineering, and national security. Benedict is also an expert on B2B security products, including firewalls, antivirus, endpoint security, and password management.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.

More about security
A woman in a high-vis vest and hard hat holding a laptop outside in a solar farm.

Millions of solar power systems could be at risk of cyber attacks after researchers find flurry of vulnerabilities
Android

An old Android RAT has returned with some new tricks - here is what to look out for
ChatGPT on a screen

ChatGPT is down for many – here's everything we know about the outage so far
See more latest
Most Popular
ChatGPT on a screen
ChatGPT is down for many – here's everything we know about the outage so far
Man with laptop showing Blue screen of death or BSOD on the monitor screen
Blue, or green, or black? Windows 11’s infamous ‘screen of death’ error message is going through some confusing changes
Quordle on a smartphone held in a hand
Quordle hints and answers for Tuesday, April 1 (game #1163)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Tuesday, April 1 (game #660)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Tuesday, April 1 (game #394)
Two villagers looking into the camera in A Minecraft Movie
'They were taken out of context': A Minecraft Movie director responds to fan backlash over the film adaptation's visuals
Atonemo Streamplayer
This tiny, cheap box upgrades any speakers with Wi-Fi multi-room streaming, including Hi-Res Audio support
Nvidia
Nvidia's new Game Ready Drivers appear to be so bad that game developers are warning gamers to stay away
The Key Photos filtering option in the Photos app in iOS 18.4.
iOS 18.4 gets official release notes: Apple Intelligence, new Photos tools, Ambient Music, and more
The YouTube logo on a landscape smartphone
YouTube is testing a fix for the most annoying thing about subscriber notifications – and I'm fully on board