Kink and LGBT Dating Apps Expose 1.5 Million Private Images Online

Researchers have uncovered a staggering security breach affecting kink and LGBT dating apps, with nearly 1.5 million private images, including explicit content, left vulnerable online due to inadequate protection measures. The exposed images originate from five dating platforms operated by M.A.D Mobile, specifically serving the kink community and LGBT users, including apps like BDSM People, Chica, Pink, Brish, and Translove, which collectively attract an estimated 800,000 to 900,000 accounts.

The revelation came from ethical hacker Aras Nazarovas, who discovered the unprotected online storage after analyzing the apps' code. He expressed disbelief at the ease with which he accessed these sensitive photos without any password safeguard. "The first app I investigated was BDSM People, and the first image in the folder was a naked man in his thirties," he revealed, highlighting the shocking lack of security in place.

While M.A.D Mobile was first alerted to the security flaw back in January, they only took action after being contacted by the BBC, prompting questions about the timeline of their response. The company has since patched the vulnerability but has not explained how the breach occurred or why it took so long to address the issue.

Experts warn that such security lapses not only pose risks of extortion from malicious hackers but could also endanger users, particularly in regions where LGBT identities are met with hostility. Although the exposed images lack any associated usernames or real names, the breach still represents a significant threat to user safety.

In a statement, M.A.D Mobile acknowledged the gravity of the situation, thanking Nazarovas for bringing the vulnerability to their attention. They indicated that additional app updates would be forthcoming, but the lack of transparency regarding their security protocols has raised alarm bells.

Reflecting on the ethical decision to disclose the vulnerability while still active, Nazarovas stated, "It's always a difficult decision, but we think the public needs to know to protect themselves." Such security issues echo previous incidents, like the 2015 Ashley Madison breach, which underscored the critical need for improved safeguarding measures in dating platforms.