- Five Kink and LGBT Apps Exposed Sensitive User Pictures
- The photos were stored on a server without password protection
- The apps' developer left the problem unfixed for several months
Five dating apps exposed over 1.5 million private and explicit images after storing the images in cloud storage buckets without any password protection.
Cybersecurity researchers found the image servers of BDSM People, Chica, Pink, Brish and Translove to be wide open to hackers, putting between 800,000 and 900,000 people at risk of extortion.
The five apps are all from developer Mad Mobile, which was notified of the exposed servers on January 20 but did not fix the problem until March 28, after cybersecurity researchers published a report on the vulnerable servers.
Explicit images exposed
Cybernews researcher Aras Nazarovas discovered the exposed private image servers while analysing the code behind the BDSM People app.
“The first photo in the folder was a naked man in his thirties. As soon as I saw it, I realized that this folder should not have been public,” Nazarovas told the BBC.
On the servers, Nazarovas found hundreds of gigabytes of photos, including images from profiles, images sent in direct messages, images allegedly removed from the app by moderators, photos from public posts, profile verification photos and photos included in comments.
While the problem has now been fixed, there is no way to know how long the servers were exposed or whether Nazarovas was the only person who discovered the trove of explicit images.
A Mad Mobile spokesperson said, “We value their work and have already taken the necessary steps to solve the problem. A further update to the apps will be released in the App Store in the coming days.”
Beyond the risk of extortion posed by the unprotected cloud storage buckets, users of the apps in countries with hostile attitudes towards LGBT people were also put in danger.
Dating apps and sites are lucrative targets for hackers because of the very sensitive personally identifiable information they store. If one were hit by a ransomware attack, attackers could not only pressure the company for money, but also threaten individuals with exposure of their data if they do not pay a fee.