“Kink & LGBT Dating Apps Exposed: 1.5M Private Images Leak in Major M.A.D Mobile Data Breach”

"Kink & LGBT Dating Apps Exposed: 1.5M Private Images Leak in Major M.A.D Mobile Data Breach"

Over a million private photos from dating apps exposed online – BBC News

Nearly 1.5 million private images—including explicit content—from five niche dating apps were discovered unprotected online, exposing users to hackers, extortion, and privacy violations. The breach impacted platforms developed by M.A.D Mobile, including Chica (a sugar daddy app), BDSM People (a kink-focused site), and LGBT dating apps Pink, Brish, and Translove.

Key Details of the Data Breach

  • Affected Users: 800,000–900,000 people globally.
  • Exposed Content: Profile photos, private messages, and deleted images moderated by the apps.
  • Security Flaw: Images stored without encryption or password protection, accessible via public links.
  • Timeline: Researcher Aras Nazarovas (Cybernews) alerted M.A.D Mobile on January 20, 2024. The company fixed the issue only after BBC’s inquiry in late April.

How Were the Images Exposed?

Ethical hacker Aras Nazarovas uncovered the vulnerability by analyzing app code. He found unsecured cloud storage folders containing sensitive user data. “The first image I saw was a naked man in his thirties. It was clear this folder should never have been public,” Nazarovas stated.

The breach extended beyond profile pictures to include:

  • Privately shared images in chats.
  • Photos removed by moderators.

Risks for Users of Kink and LGBT Dating Apps

This security lapse poses severe threats, especially for vulnerable communities:

  1. Extortion: Hackers could demand payment to delete explicit content.
  2. Discrimination: Users in anti-LGBT regions face legal or social risks if identities are revealed.
  3. Reputation Damage: Even without usernames, images could be traced via facial recognition or metadata.

Note: No text messages or user identifiers were exposed, reducing (but not eliminating) targeted attack risks.

M.A.D Mobile’s Delayed Response Raises Concerns

Despite multiple warnings from Cybernews, M.A.D Mobile took action only after BBC’s involvement. The company has not clarified:

  • Why the breach occurred.
  • Where it is headquartered.
  • Why fixes took three months.

In a brief statement, M.A.D Mobile said: “We appreciate the researcher’s work and have addressed the issue. An app update will follow.”

Why This Breach Echoes the Ashley Madison Scandal

The 2015 Ashley Madison hack, which exposed cheating spouses’ data, underscores the lasting trauma of privacy violations. While no financial data was stolen here, the emotional toll on users—especially marginalized groups—could be devastating.

How to Protect Yourself on Dating Apps

  1. Avoid Sharing Explicit Photos: Assume no platform is 100% secure.
  2. Use Blurred or Cropped Images: Protect your identity in profile pics.
  3. Enable Two-Factor Authentication (2FA): Add an extra security layer.
  4. Research Apps’ Security Policies: Prioritize platforms with encryption and transparency.

Stay Informed: Your Privacy Matters

Data breaches are rising, but vigilance can reduce risks. Follow cybersecurity updates and demand accountability from tech companies.

#DataBreach #CyberSecurity #LGBTPrivacy #OnlineDatingRisks #PrivacyMatters