- Five LGBT applications have exposed sensitive user images
- The images were stored on a server without password protection
- The applications' developer left the problem unfixed for months
Five dating applications exposed 1.5 million private and explicit images after storing them in cloud storage buckets without any password protection.
Cybersecurity researchers found that the image servers of BDSM People, Chica, Pink, Brish and Translove were highly vulnerable to hackers, putting between 800,000 and 900,000 people at risk of blackmail and extortion.
All five are developed by Mad Mobile, which was informed of the exposed servers on January 20 but did not resolve the problem until March 28, after cybersecurity researchers published a report on the exposed servers.
Explicit images exposed
Cybernews researcher Aras Nazarovas discovered the exposed private image servers while analyzing the code behind the BDSM People application.
“The first image of the file was a naked man in their thirties. As soon as I saw him, I realized that this file should not have been public,” Nazarovas told the BBC.
On the servers, Nazarovas found several hundred gigabytes of photos, including profile pictures, images sent in direct messages, images that moderators had deleted from the application, photos from posts, profile verification photos and photos included in comments.
Although the problem has now been corrected, there is no way to know how long the servers were exposed, or whether Nazarovas was the only person to discover the explicit images.
A Mad Mobile spokesperson said: “We appreciate their work and have already taken the necessary measures to solve the problem. An additional update for applications will be published on the App Store in the coming days.”
Apart from the risk of extortion posed by unprotected cloud storage buckets, users of the applications in countries with hostile attitudes towards LGBT people have also been endangered.
Dating applications and sites are lucrative targets for hackers because of the highly sensitive, identifiable information they store. If they are hit by a ransomware attack, the attackers could not only extort the company for money, but also threaten individuals with the exposure of their data if they do not pay.