Researchers have uncovered a shocking security lapse that left nearly 1.5 million explicit photos from specialist dating apps exposed online. The images were stored without password protection, making them vulnerable to hackers and potential extortionists.
The affected apps—BDSM People, Chica, Pink, Brish, and Translove—were all developed by M.A.D Mobile. These platforms cater to niche dating communities, including the LGBT+ and kink communities, and are used by approximately 800,000 to 900,000 people. Anyone with the right link could access private photos, including those sent in messages and even deleted by moderators.
Cybersecurity researcher Aras Nazarovas from Cybernews discovered the flaw after analysing the apps’ code. He was stunned to find the unencrypted, unprotected images freely accessible. “The first app I investigated was BDSM People, and the first image in the folder was a naked man in his thirties,” he said. “I immediately realised that this folder should not have been public.”
M.A.D Mobile was first warned about the vulnerability on 20 January but took no action until the BBC contacted them in March. While the company has since secured the images, they have not explained why such sensitive data was left unprotected for so long.
Experts warn that the exposure could have had devastating consequences, especially for users in countries where LGBT+ individuals face persecution. Hackers could have exploited the images for blackmail or harassment. While no private text messages were found, the breach raises serious concerns about data security in online dating apps.
M.A.D Mobile has acknowledged the flaw and stated that an update will be released soon to improve security. However, cybersecurity experts caution that it remains unclear whether hackers accessed the data before it was secured.
This breach echoes the infamous 2015 Ashley Madison scandal, where hackers leaked personal details of millions of users. Experts urge dating app users to be cautious with sensitive images and advocate for stricter security measures across all online platforms.
