Kink and LGBT dating apps exposed 1.5m private user images online

Researchers found nearly 1.5 million explicit photos from specialist dating apps stored online without password protection, exposing users to potential hacking and extortion risks. The apps, developed by M.A.D Mobile, include BDSM People, Chica, Pink, Brish, and Translove, serving around 800,000 to 900,000 users. Despite being warned about the vulnerability on January 20, the company only took action after the BBC intervened. Ethical hacker Aras Nazarovas from Cybernews discovered the flaw and highlighted the risk of these images being used maliciously, especially in countries hostile to LGBT individuals. M.A.D Mobile has since addressed the issue but has not disclosed the cause or the reason for their delayed response.
The incident underscores the critical importance of robust cybersecurity measures, particularly for platforms handling sensitive personal data. The unprotected storage of explicit images not only jeopardizes user privacy but also raises concerns about the potential for extortion and targeted attacks. This situation echoes the 2015 Ashley Madison hack, where user data was similarly compromised. The lack of immediate action by M.A.D Mobile after initial warnings raises questions about the company's security protocols. Public disclosure of the vulnerability by Nazarovas' team was deemed necessary to protect users, highlighting the ethical challenges faced by security researchers in balancing disclosure and user safety.
RATING
The article provides a comprehensive overview of a significant security breach involving dating apps, supported by credible sources and a clear narrative. It effectively highlights the risks associated with data exposure and the responsibilities of app developers. While the story is timely and relevant, further input from independent experts and affected users could enhance its balance and depth. The technical aspects are generally well-explained, making the article accessible to a broad audience. Overall, the story succeeds in raising awareness of important privacy issues while maintaining a factual and objective tone.
RATING DETAILS
The story provides a detailed account of the security breach involving nearly 1.5 million images from dating apps, which aligns well with the facts presented. The claim that the images were stored online without password protection is consistent with the findings. The story accurately identifies the affected apps and the potential risks to users, including extortion and exposure in hostile environments. However, the exact timeline of M.A.D Mobile's response and the specific actions taken to fix the issue require further verification. The user base estimate and the nature of the vulnerability are also points that need confirmation.
The article primarily focuses on the security breach and the actions of M.A.D Mobile, providing a clear narrative from the perspective of the ethical hacker and the potential risks to users. However, it lacks input from independent security experts or affected users, which could provide a more balanced view of the situation. The company's response is included, but it could benefit from a more detailed exploration of their perspective and reasoning for the delayed action.
The article is well-structured and uses clear, concise language to convey the events and implications of the security breach. The logical flow from discovery to resolution helps readers understand the situation. However, some technical terms related to cybersecurity might require further explanation for a general audience. Overall, the narrative is easy to follow, with a neutral tone that maintains focus on the facts.
The main source of information is ethical hacker Aras Nazarovas, whose expertise lends credibility to the claims. The story also references a response from M.A.D Mobile, adding to the reliability of the information. While the sources are credible, the article could be strengthened by including insights from additional cybersecurity experts or industry analysts to corroborate the findings and provide broader context.
The article is transparent about the discovery of the security flaw and the actions taken by M.A.D Mobile. It explains the role of the ethical hacker and the timeline of events. However, the lack of detailed information on how the vulnerability was fixed and the absence of responses to certain questions posed to M.A.D Mobile limit the transparency. More information on the methodology used by the hacker to discover the flaw would enhance the article's transparency.
Sources
- https://www.globalsecuritymag.com/1-5m-private-photos-exposed-from-lgbtq-bdsm-sugar-dating-apps.html
- https://www.heise.de/en/news/Data-leak-1-5-million-private-photos-from-dating-apps-for-LGBTQ-revealed-10333396.html
- https://cybernews.com/security/ios-dating-apps-leak-private-photos/
- https://www.globaldatinginsights.com/featured/multiple-lgbtq-dating-and-kink-ios-apps-see-user-info-leaks/
- https://www.instagram.com/official_cybernews/p/DHtD8jBtddd/