A security flaw in dating apps for kinks and the LGBT community has left nearly 1.5 million private user images vulnerable to hackers. Researchers found that five platforms, including BDSM People and Translove, stored sensitive photos online without password protection. Experts warn that this could lead to extortion, identity theft, or even targeted attacks against users who live in hostile countries.
Cybersecurity researcher Aras Nazarovas discovered the issue by analyzing code from the apps. He was shocked to find that unencrypted images were accessible without a password. The images included private messages and pictures removed by moderators.
M.A.D Mobile, the company behind the platforms, has since fixed the issue but remains silent on how it happened or why they failed to protect user data. Experts say this could be due to a lack of transparency about the location of sensitive data online.
Source: https://www.bbc.com/news/articles/c05m5m5v327o