Vulnerability in five dating resources exposed 1.5 million users' personal photos
Researchers have discovered a serious vulnerability in five dating sites developed by M.A.D Mobile, such as the BDSM sites BDSM People and Chica, as well as the LGBT apps Pink, Brish and Translove. As a result of the leak, around 1.5 million users' personal photos, including explicit images, were made available online without password protection. Among the leaked data were not only photos from profiles, but also images sent in private messages, as well as those that were deleted by moderators.
Here's What We Know
Ethical hacker Aras Nazarovas of Cybernews was the first to report the problem, having discovered the location of the online storage used by the apps. Despite the warning, M.A.D Mobile did not take action until the BBC contacted them. The vulnerability has since been fixed, but it remains unknown how long the data was in the public domain and who may have used it.
Although text messages were not affected, the leaked photos pose a risk to users, especially in countries where homosexuality is illegal. The researchers emphasise that the leak could be used for blackmail, social engineering and other malicious activities. M.A.D Mobile expressed gratitude for identifying the problem, but did not provide details about the reasons for the leak.
