News: 0176861173


Nearly 1.5 Million Private Photos from Five Dating Apps Were Exposed Online (bbc.com)

(Sunday March 30, 2025 @11:34AM (EditorDavid) from the double-exposure dept.)


"Researchers have discovered nearly 1.5 million pictures from specialist dating apps — many of which are explicit — being stored online without password protection," [1]reports the BBC, "leaving them vulnerable to hackers and extortionists."

And the images weren't limited to those from profiles, the BBC learned from the ethical hacker who discovered the issue. "They included pictures which had been sent privately in messages, and even some which had been removed by moderators..."

> Anyone with the link was able to view the private photos from five platforms developed by M.A.D Mobile [including two kink/BDSM sites and two LGBT apps]... These services are used by an estimated 800,000 to 900,000 people.
>
> M.A.D Mobile was first warned about the security flaw on 20th January but didn't take action until the BBC emailed on Friday. They have since fixed it but not said how it happened or why they failed to protect the sensitive images. Ethical hacker Aras Nazarovas from Cybernews first alerted the firm about the security hole after finding the location of the online storage used by the apps by analysing the code that powers the services...
>
> None of the text content of private messages was found to be stored in this way and the images are not labelled with user names or real names, which would make crafting targeted attacks at users more complex.
>
> In an email M.A.D Mobile said it was grateful to the researcher for uncovering the vulnerability in the apps to prevent a data breach from occurring. But there's no guarantee that Mr Nazarovas was the only hacker to have found the image stash.

"Mr Nazarovas and his team decided to raise the alarm on Thursday while the issue was still live as they were concerned the company was not doing anything to fix it..."



[1] https://www.bbc.com/news/articles/c05m5m5v327o



Shitty vendor has shitty security (Score:5, Interesting)

by GeekWithAKnife ( 2717871 )

...this is not surprising. What is surprising is that they were told about this and had a couple of months to find even a rudimentary workaround and they didn't.

What about the potential irreparable harm done to the users? Executives should lose their jobs and yet we know they won't.

They'll probably blame some engineer because they don't know anything about the tech...

Organisational risk is owned by the senior management team. No excuses.

pictures or (Score:5, Funny)

by Growlley ( 6732614 )

it never happened.

Re:pictures or (Score:4, Funny)

by Mr. Dollar Ton ( 5495648 )

It is mostly dickpicks. You sure you want to see them?

Re: (Score:2)

by KiloByte ( 825081 )

It's only 1.5 million images, we have plenty of people who'd volunteer to classify and filter them -- and, select the best. Although, shameful to say, I'd prefer to use tags made by magatees, as their definition of "woman" is the one I'd want to filter on.

Joke's on you (Score:3)

by zawarski ( 1381571 )

If you viewed any BDSM pictures of me. Have fun getting that burn out of your retina.

Re: (Score:2)

by AleRunner ( 4556245 )

> If you viewed any BDSM pictures of me. Have fun getting that burn out of your retina.

Can we take that as an admission?

Or maybe a threat by desperate exhibitionists now going around all the apps, talking to themselves and trying to get exposed?

I always wondered about the fact that an app with initials AM that aimed to help people have secret affairs (If you don't know I'm not going to help you find them) got much more popular after a data leak.

Re: Joke's on you (Score:2)

by zawarski ( 1381571 )

Nah. IRL I am way too lazy to be desperate at anything. Or, in the case of an affair, also too lazy. Seems like a lot of sneaking around when I already have a woman who kindly agrees to have sex with me once in a while.

Reminds me ... (Score:3, Interesting)

by cascadingstylesheet ( 140919 )

... of the old days of the web and my misspent youth.

"Huh, if there's a "babe31.jpg", then I wonder if there's a babe32 and a babe33 ..."

good luck trying to blackmail me (Score:2)

by FudRucker ( 866063 )

I was outed when I was a teenager so no secrets here

Obvious comment (Score:4, Insightful)

by Alain Williams ( 2972 )

If you do not want others to see the pictures then do not put them anywhere that you do not control 100%. Even better: do not take them in the first place.

People know this, but will make the same mistake over and over again.

Re: (Score:2)

by alvinrod ( 889928 )

There are some people who do know better and even a few who learn the hard way and now know better, but there's always a new batch of wet-behind-the-ears fools to make the same set of mistakes all over again.

Re: (Score:2)

by Registered Coward v2 ( 447531 )

> There are some people who do know better and even a few who learn the hard way and now know better, but there's always a new batch of wet-behind-the-ears fools to make the same set of mistakes all over again.

I'm sure some are wet in other places as well...

Re: (Score:2)

by radarskiy ( 2874255 )

"Even better: do not take them in the first place."

If you don't want to be robbed, never earn any money.

It's not a private photo if you upload it on the.. (Score:4, Insightful)

by Hey_Jude_Jesus ( 3442653 )

Internet. Anything you say or upload on the internet unencrypted can be scene by all at some time.

Re: It's not a private photo if you upload it on t (Score:2)

by 50000BTU_barbecue ( 588132 )

Like not being able to spell "seen" I guess.

Exposure (not in a medical sense) ... (Score:2)

by RockDoctor ( 15477 )

I thought the whole point of "dating apps" was to get "exposure" of whatever stuff you've got to strut. So ... the people whose dick, fanny and ropework-with-piercings pics (per other responses up-thread) have received additional exposure can expect to be invoiced for the benefit shortly.

What - their postal addresses, credit card numbers (so,"invoice, paid" notices even?) and home-, church- and spouse's-divorce-lawyer addresses were in the leak too? Well, who is surprised about that? More exposure! Higher

Another dick in the wall (Score:2)

by devslash0 ( 4203435 )

Unless your private parts have a very distinct shape, colour, scars, birthmark or other distinctive feature, your dickpic is just going to drown in the sea of other dickpicks already present on the internet.
