Researchers have uncovered a severe security flaw among five dating platforms developed by M.A.D Mobile, including kink and LGBT-oriented apps like BDSM People, Chica, Pink, Brish, and Translove. Nearly 1.5 million user images, many of which are explicit, were found stored online without any password protection, leaving individuals susceptible to hacking and extortion. This breach affects approximately 800,000 to 900,000 users of these apps.
The issue first came to light when ethical hacker Aras Nazarovas from Cybernews discovered the vulnerability in January. He was shocked to access unencrypted and unprotected photos easily. The images included not only profile pictures but also private messages and even those removed by moderators.
Though M.A.D Mobile fixed the vulnerability following the BBC's inquiry, they have not disclosed the reasons behind the breach or why they failed to act sooner. Ethical hacker Nazarovas expressed concern that malicious hackers could exploit these images for extortion, particularly threatening users in countries with attitudes hostile toward the LGBT community.
While M.A.D Mobile acknowledged the issue and assured further updates for their apps, the lack of immediate responses to questions regarding their operational base and the delay in addressing the problem raises questions about their commitment to user security. Given the sensitive nature of the exposed content, this incident echoes past breaches in the dating app space, highlighting ongoing vulnerabilities that users must remain vigilant against.
The issue first came to light when ethical hacker Aras Nazarovas from Cybernews discovered the vulnerability in January. He was shocked to access unencrypted and unprotected photos easily. The images included not only profile pictures but also private messages and even those removed by moderators.
Though M.A.D Mobile fixed the vulnerability following the BBC's inquiry, they have not disclosed the reasons behind the breach or why they failed to act sooner. Ethical hacker Nazarovas expressed concern that malicious hackers could exploit these images for extortion, particularly threatening users in countries with attitudes hostile toward the LGBT community.
While M.A.D Mobile acknowledged the issue and assured further updates for their apps, the lack of immediate responses to questions regarding their operational base and the delay in addressing the problem raises questions about their commitment to user security. Given the sensitive nature of the exposed content, this incident echoes past breaches in the dating app space, highlighting ongoing vulnerabilities that users must remain vigilant against.
