Researchers have discovered approximately 1.5 million pictures of specialized dating applications – many of which are stored over the Internet without protecting the password, making them vulnerable to infiltrators and extortion.
Anyone had the link able to display private photos from five platforms developed by MAD Mobile: Kink Sites Bdsm People, Chica, LGBT Apps Pink and Brish and Translate.
These services are used by between 800,000 to 900,000 people.
MAD Mobile was warned for the first time of the security defect on January 20, but he did not take action until BBC was sent via e -mail on Friday.
They have since fixed, but they did not say how it happened or why they failed to protect sensitive images.
AraS Nazarovas from Cybernews first alerted the company about the safety hole after finding the online storage site used by applications by analyzing the code that occupies services.
He was shocked because he can reach unprotected and unprotected images without any password.
“The first application I achieved is BDSM, and the first image in the volume was a naked man in his thirties,” he said.
“As soon as I saw him, I realized that this folder should not be public.”
He said that the pictures were not limited to those in profiles, as they included pictures that were sent separately in the messages, and even some of them were removed by the supervisors.
Mr. Nazarovas said that the discovery of unprotected sensitive materials comes with a great risk of platform users.
Malibruers can have found pictures and blackmailing individuals.
There is also a danger to those who live in hostile countries for gay personnel.
Any of the text content of the special messages that were stored in this way is not found and the images are not classified with the names of users or real names, which makes the formulation of targeted attacks on users more complicated.
In an email, MAD Mobile said it is grateful for the researcher to reveal the weakness of the applications to prevent data breach.
But there is no guarantee that Mr. Nazarovas was the only infiltrator who found the picture hidden.
“We appreciate their work and have already taken the necessary steps to address this issue,” said a MAD Mobile spokesman. “An additional update for applications will be released in the application store in the coming days.”
The company did not answer the additional questions about the place where the company is based and why it took months to address the case after multiple warnings from researchers.
Security researchers usually wait for the security vulnerability to be repaired before the publication of an online report, if users are at risk of attack.
But Mr. Nazarovas and his team decided to raise the alarm on Thursday while the case was still living because they were concerned that the company did not do anything to repair it.
“It is always a difficult decision, but we believe that the audience needs to know themselves,” he said.
In 2015, malicious infiltrators stole a large amount of customer data about Ashley Madison users, a dating site for married people who want to cheat on their husband.
-Abstract-Background-012025-SOURCE-Mammut.jpg?w=390&resize=390,220&ssl=1 "Review: Mammut Crag IN Jacket")
