More than a million private photos of dating applications online online

Researchers have discovered nearly 1.5 million images from specialized meetings – many of which are explicit – stored online without password protection, leaving them vulnerable to pirates and extorters.

Anyone with the link could have seen the private photos of five platforms developed by Mad Mobile: Kink Sites BDSM People and Chica, and LGBT Pink, Brish and Translove applications.

These services are used by around 800,000 to 900,000 people.

Mad Mobile was warned for the first time of the security defect on January 20, but did not take action before the BBC was sent by e-mail on Friday.

Since then, they have corrected it but have not said how it happened or why they did not protect sensitive images.

The Ethical Pirate Aras Nazarovas of Cybernews first alerted the company to the safety hole after finding the location of the online storage used by the applications by analyzing the code which feeds the services.

It was shocked that he could access the unacceptable and unprotected photos without any password.

“The first application on which I investigated was BDSM, and the first image of the file was a naked man in their thirties,” he said.

“As soon as I saw it, I realized that this file should not have been public.”

The images were not limited to those of the profiles, he said-they understood images which had been sent in private in messages, and even some which had been deleted by moderators.

Nazarovas said that the discovery of unprotected sensitive materials has a significant risk for platform users.

The malicious pirates could have found the images and the individuals extorted.

There is also a risk for those who live in countries hostile to LGBT people.

None of the text content of private messages have been stored in this way and the images are not labeled with user names or real names, which would make the manufacture of targeted attacks in more complex users.

In a MAD Mobile email, said that the researcher was grateful to have discovered the vulnerability of applications to prevent a data violation.

But there is no guarantee that Mr. Nazarovas was the only pirate to have found the image hiding place.

“We appreciate their work and have already taken the necessary measures to solve the problem,” said a Mad Mobile spokesperson. “An additional update for applications will be published on the App Store in the coming days.”

The company did not answer new questions about where the company is based and why it took months to solve the problem after several researchers.

Usually, security researchers are waiting for a vulnerability to be fixed before publishing an online report, in case it puts users to risk other attacks.

But Mr. Nazarovas and his team decided to relaunch the alarm on Thursday when the problem was still live because they feared that the company did nothing to repair it.

“It’s always a difficult decision, but we think the public must know to protect themselves,” he said.

In 2015, malicious pirates stole a large amount of customer data on Ashley Madison users, a dating website for married people who wish to deceive their spouse.