1. Forum
  2. FidoNet
  3. CONSPRCY

  • Major dating app data bre

    From Mike Powell@1:2320/105 to All on Mon Mar 31 09:48:00 2025
    Major dating app data breach may have exposed 1.5 million private user images online

    Date:
    Mon, 31 Mar 2025 13:02:00 +0000

    Description:
    Several apps from developer M.A.D Mobile had unprotected image servers that stored private and explicit photos without password protection.

    FULL STORY

    Five dating apps exposed over 1.5 million private and explicit images after storing the images in cloud storage buckets without any password protection.

    Cybersecurity researchers found the image servers of BDSM People, Chica,
    Pink, Brish and Translove to be highly vulnerable to hackers, putting between 800,000 and 900,000 people at risk of blackmail and extortion.

    The five sites are all from developer M.A.D Mobile, who was notified of the exposed servers on January 20 but did not remediate the issue until March 28, after the cybersecurity researchers published a report on the exposed
    servers.

    Explicit images exposed

    Cybernews researcher Aras Nazarovas discovered the exposed private image servers while conducting analysis on the code that powers the BDSM People
    app.

    The first image in the folder was a naked man in his thirties. As soon as I
    saw it I realised that this folder should not have been public," Nazarovas
    told the BBC .

    On the servers, Nazarovas found several hundred gigabytes of photos,
    including images from profiles, images sent in direct messages, images that were supposedly removed from the app by moderators, photos from public posts, profile verification photos, and photos included in comments.

    While the issue has now been remediated, there is no way of knowing how long the servers were exposed, or if Nazarovas was the only person to discover the trove of explicit images.

    A M.A.D Mobile spokesperson said, We appreciate their work and have already taken the necessary steps to address the issue. An additional update for the apps will be released on the App Store in the coming days.

    Outside of the risk of extortion posed by the unprotected cloud storage buckets, users of the apps in countries with hostile attitudes to LGBT
    peoples were also put at risk.

    Dating apps and sites are lucrative targets for hackers due to the highly sensitive personally identifiable information they store. If hit by a ransomware attack, the attackers could not only extort the company for money, but also threaten individuals with the exposure of their data if they dont
    pay a fee.

    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/major-dating-app-data-breach-may-have-e xposed-1-5-million-private-user-images-online

    $$
    --- SBBSecho 3.20-Linux
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)