
Nearly 1.5 Million Private Photos from Five Dating Apps Were Exposed Online (bbc.com)
"Researchers have discovered nearly 1.5 million pictures from specialist dating apps — many of which are explicit — being stored online without password protection," reports the BBC, "leaving them vulnerable to hackers and extortionists."
And the images weren't limited to those from profiles, the BBC learned from the ethical hacker who discovered the issue. "They included pictures which had been sent privately in messages, and even some which had been removed by moderators..." Anyone with the link was able to view the private photos from five platforms developed by M.A.D Mobile [including two kink/BDSM sites and two LGBT apps]... These services are used by an estimated 800,000 to 900,000 people.
M.A.D Mobile was first warned about the security flaw on 20th January but didn't take action until the BBC emailed on Friday. They have since fixed it but not said how it happened or why they failed to protect the sensitive images. Ethical hacker Aras Nazarovas from Cybernews first alerted the firm about the security hole after finding the location of the online storage used by the apps by analysing the code that powers the services...
None of the text content of private messages was found to be stored in this way and the images are not labelled with user names or real names, which would make crafting targeted attacks at users more complex.
In an email M.A.D Mobile said it was grateful to the researcher for uncovering the vulnerability in the apps to prevent a data breach from occurring. But there's no guarantee that Mr Nazarovas was the only hacker to have found the image stash.
"Mr Nazarovas and his team decided to raise the alarm on Thursday while the issue was still live as they were concerned the company was not doing anything to fix it..."
Shitty vendor has shitty security (Score:5, Interesting)
What about the potential irreparable harm done to the users? Executives should lose their jobs and yet we know they won't.
They'll probably blame some engineer because they don't know anything about the tech...
Organisational risk is owned by the senior management team. No excuses.
pictures or (Score:5, Funny)
Re:pictures or (Score:4, Funny)
It is mostly dick pics. You sure you want to see them?
Re: (Score:1)
It's only 1.5 million images; we have plenty of people who'd volunteer to classify and filter them, and select the best. Although, shameful to say, I'd prefer to use tags made by magatees, as their definition of "woman" is the one I'd want to filter on.
Re: (Score:1)
Re: (Score:2)
I can't, as I don't have them, but I'm sure they'll leak and make you happy.
Enjoy.
Picks? (Score:2)
Uh...
Jokes on you (Score:5, Funny)
Re: (Score:2)
If you viewed any BDSM pictures of me, have fun getting that burn out of your retina.
Can we take that as an admission?
Or maybe a threat by desperate exhibitionists now going around all the apps, talking to themselves and trying to get exposed?
I always wondered about the fact that an app with the initials AM that aimed to help people have secret affairs (if you don't know, I'm not going to help you find them) got much more popular after a data leak.
Re: Jokes on you (Score:2)
Reminds me ... (Score:4, Funny)
... of the old days of the web and my misspent youth.
"Huh, if there's a "babe31.jpg", then I wonder if there's a babe32 and a babe33 ..."
good luck trying to blackmail me (Score:2)
Obvious comment (Score:5, Insightful)
If you do not want others to see the pictures then do not put them anywhere that you do not control 100%. Even better: do not take them in the first place.
People know this, but will make the same mistake over and over again.
Re: (Score:2)
Re:Obvious comment (Score:5, Funny)
There are some people who do know better and even a few who learn the hard way and now know better, but there's always a new batch of wet-behind-the-ears fools to make the same set of mistakes all over again.
I'm sure some are wet in other places as well...
Re: Obvious comment (Score:2)
Re: (Score:2)
"Even better: do not take them in the first place."
If you don't want to be robbed, never earn any money.
Re: (Score:1)
If you do not want others to see the pictures then do not put them anywhere that you do not control 100%. Even better: do not take them in the first place.
People know this, but will make the same mistake over and over again.
When the possibility of sex is involved people's IQs and judgment are cut in half.
Re: (Score:1)
Re: (Score:1)
Some of these (according to the summary/article) were pics sent in "private messages" and not on their profiles to be shared. If I was a user on any of these platforms I would be mad as hell. These platforms are basically saving all of these private messages/pictures and they are not E2E encrypted.
I.e.: they are not "private".
It's not a private photo if you upload it on the.. (Score:4, Insightful)
Re: It's not a private photo if you upload it on t (Score:2)
Like not being able to spell "seen" I guess.
Re: (Score:2)
Exposure (not in a medical sense) ... (Score:2)
What, their postal addresses, credit card numbers (so, "invoice, paid" notices even?) and home-, church- and spouse's-divorce-lawyer addresses were in the leak too? Well, who is surprised about that? More exposure! Higher
Another dick in the wall (Score:3)
Unless your private parts have a very distinct shape, colour, scars, birthmark or other distinctive feature, your dick pic is just going to drown in the sea of other dick pics already present on the internet.
Subject of the Year (Score:2)
Re: (Score:2)
This means that any picture which includes your face, which might disappear into the sea of other pictures in the eyes of human viewers, will eventually be recognized and catalogued and searchable. And of course this includes the pictures that you're taking and publishing now, even though t
M.A.D Mobile? (Score:2)
Mutually Assured Destruction Mobile? ... Mothers Against Drunk Mobile? Either seems odd. :-)
(Note: The company [madmobile.com] site, and Google, show it as "Mad Mobile" not an acronym.)
Photos on the internet (Score:1)