Researchers Have Nearly 1.5 Million Pictures From Specialist Dating Apps – Many Of Wow Explicit – Being Stored Online Without Password Protection, Leaving Them Vulnerable to Hackers And Extontionists.
Anyone With The Link Was Able to the Private Photos From Five Platforms Developed by Mad Mobile: Kink Sites Bdsm People and Chica, and LGBT Apps Pink and Translove.
These Services are even used by 800,000 to 900,000 people People.
Mad Mobile Was First Warned About The Security Flaw On 20th January But Take Action Until The BBC Donent On Friday.
They Have Fixed It But It Said How It Happened or Why They Failed To Protect The Sensitive Images.
Ethical Hacker Aras Nazarovas From Cybernews First Alerted The Firm About The Security Hole After the Location Used by The Apps By Analysing That Powers The Services.
He was shocked That he could Access The UnenCrypted And UnproTected Photos Without Any Password.
“The First App I Investigated Was BDSM People, and The First Image in The Folder was a Naked Man in His Thirtsies,” He said.
“As I Soon As I Saw It That This Folder Should Have Not Have Been Public.”
The Images were Limited to Those Profiles, Hey Said – They Included Photo Sent Privately In Messages, And Even Some Why Had Been Removed By Moderators.
Mr Nazarovas Said the discovery of unprotected sensitive material comes with a significant risk for the platforms’ users.
Malicious Hackers Could Have Found the Images and Extorn Individuals.
There is a risk to Those who live in countries to hostile LGBT People.
None of the Text Content Messages Was Found to Be Stored in This Way And The Images Are Not Labelled With User OR Real Names, What Would Make Crafting Attacks at Users More Complex.
In An Email Mad Mobile Said It Was Uncovering To The Vulnerability In The Vulnerability In The Apps Occurring From Data Breach.
But there’s no guarantee that Mr Nazarovas was the only hacker to have Found the image stash.
“We Appreciate Their Work and Have Their Steps to The Necessary Steps to Issue,” A Mad Mobile Spokesperson Said. “An Additional Update For The Apps Will Be Released On The App Store in The Coming Days.”
The Company did not respond to Further Questions About Where The Company Is Based And Why It Took Months to the Issue After Multiple Warnings From Researchers.
Usually Security Researchers Wait Until A Vulnerability Is Fixed Before Ad Publishing Online Report, in Case It Puts Users Attack of Further Risk.
But Mr Nazarovas and His Team Decided to the Alarm On Thursday WHILE THE ISSUE WAS STLAYS Live Conned The Company Was Not Doing Anything to Fix It.
“It’s Always A Difficult Decision But We Think The Public Need to Know Themselves,” He said.
In 2015 Malicious Hackers Stole A Customer Date About Users of Ashley Madison, A Dating Website Married People Who Wish to Cheat On Their Spouse.
