iOS dating apps for BDSM and LGBTQ+ communities found to have exposed private photos.
Online dating is already an emotional minefield without the addition of anxiety over who can see your photos and messages, including those of the most sensitive nature. Online dating within the BDSM, LGBTQ+ and Sugar Daddy communities, even more so with regard to the confidentiality and privacy of such communications. If you are a member of any of these groups and have used one of five popular iOS dating apps, it would appear your worst nightmares have just come true.
BDSM, LGBTQ+, Sugar Daddy iPhone Dating Apps Exposed Private Data
Although most of the data leaks that I cover tend to involve such things as stolen passwords or credit cards turning up on the dark web, some things are even more frightening. Although you might think that passwords and financial data are the worst, I would argue that your private information, including sexually sensitive photography and private messages revealing your innermost fantasies, move into a whole new level of danger. Not only is there the apparent anxiety and fear of someone seeing these without your permission or knowledge, but it should go without saying that the security implications, especially for blackmail, are enormous. Especially when iPhone users, rightly or wrongly, tend to have the greatest expectation of privacy among smartphone users in my experience. The apps involved in this latest leak report are exclusive to the iOS platform, which makes the whole thing even more problematic in this regard.
According to Paulina Okunytė, Cybernews researchers have uncovered a number of popular iOS-specific dating apps that have leaked a massive amount of information. The apps, all from M.A.D Mobile Apps Developers Limited, had publicly accessible secrets published together with their code, the report said. These secrets can be things such as passwords, encryption keys or application programming interface keys. “In this case,” Okunytė said, “the most dangerous of leaked secrets granted access to user photos located in Google Cloud Storage buckets, which had no passwords set up.”
Totaling 1.5 million photos uploaded by users of the apps, these included private images sent using direct messaging and photos that had been removed for rules violations, as well as profile pictures and profile verification images.
Researchers Say These iPhone Dating Apps Were Impacted
According to the Cybernews research report, the following iOS apps were impacted by the data leak:
- BDSM People (which claims to be the number one kinky dating app)
- Brish (a gay dating app for men)
- Chica (a luxury dating app that the researchers said specializes in sugar daddy dating)
- Pink (a lesbian dating app)
- Translate (a transgender dating app)
When it comes to BDSM People alone, the researchers said that the aforementioned secrets left in the app code enabled them to access a data storage bucket containing 1.6 million files, including 541,000 images users sent to each other or uploaded to the app. The breakdown of the photo categories reveals the extent of the breach:
- 18,000 photos removed by moderators
- 270,000 user profile photos
- 70,000 photos from public posts
- 90,000 photos from user chats
- 65,000 blurred photos
- 28,000 profile verification photos
The Chica app data storage bucket contained:
- 2,200 Images sent via chats
- 11,000 photos uploaded as posts
- 4,700 images removed by the moderators
- 94,000 profile photos
- 23,000 photos uploaded for profile verification
“The LGBTQ+ community was also impacted by the data leak,” the Cybernews researchers said, “with three apps widely used within the community exposing sensitive user photos.”
I have reached out to both Apple and M.A.D Mobile Apps Developers Limited for a statement regarding the iPhone dating app leaks.
