A security flaw has left nearly 1.5 million explicit images from five dating apps—including Chica and BDSM People—vulnerable online, prompting calls for better cybersecurity in the industry.**
Security Breach Exposes 1.5 Million Private Images from LGBT and Kink Dating Apps**
Security Breach Exposes 1.5 Million Private Images from LGBT and Kink Dating Apps**
Warning issued after sensitive images from popular dating apps remain unprotected online, raising concerns for user safety.**
Researchers have uncovered a major security lapse involving nearly 1.5 million private images from several niche dating applications, leading to urgent concerns about user safety and data privacy. The apps, developed by M.A.D Mobile—namely BDSM People, Chica, Pink, Brish, and Translove—cater to communities like kink and LGBT individuals, with a combined user base of approximately 800,000 to 900,000.
The vulnerability was first highlighted in January, but M.A.D Mobile only acted after the BBC brought the issue into public view last Friday. Although the company has since rectified the flaw, it remains unclear how such sensitive material was initially left unprotected.
According to ethical hacker Aras Nazarovas from Cybernews, who discovered the oversight, the contents included not only profile pictures but also explicit images exchanged in private messages, some of which had previously been moderated and removed. Nazarovas expressed alarm at the ease with which he accessed these unencrypted photos without any protective measures in place.
This breach poses significant risks, especially for users residing in areas where LGBT individuals face severe discrimination or hostility. While no names were directly linked to the images, experts remain concerned that malicious actors could leverage this exposed data for extortion or harassment.
In a statement, M.A.D Mobile acknowledged the vulnerability and expressed gratitude to Nazarovas for bringing it to their attention, though they did not clarify the delay in addressing the issue after earlier warnings were issued. An additional software update aimed at further securing the applications is expected soon.
In the tech community, it is common practice for security researchers to wait until a vulnerability is entirely resolved before disclosing their findings, to prevent further risks to affected users. However, in light of M.A.D Mobile's inaction, Nazarovas and his team made the decision to alert the public without delay. "It's a tough call, but public safety was our priority," he explained.
This incident echoes past breaches where sensitive information from dating services—such as the infamous Ashley Madison hack—was exposed, reminding users of the importance of robust security measures in the digital age.
