TZUTC: -0500   
   MSGID: 795.consprcy@1:2320/105 2c4fe58a   
   PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0   
   TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   Major dating app data breach may have exposed 1.5 million private user images   
   online   
      
   Date:   
   Mon, 31 Mar 2025 13:02:00 +0000   
      
   Description:   
   Several apps from developer M.A.D Mobile had unprotected image servers that   
   stored private and explicit photos without password protection.   
      
   FULL STORY   
      
   Five dating apps exposed over 1.5 million private and explicit images after   
   storing the images in cloud storage buckets without any password protection.    
      
   Cybersecurity researchers found the image servers of BDSM People, Chica,    
   Pink, Brish and Translove to be highly vulnerable to hackers, putting between   
   800,000 and 900,000 people at risk of blackmail and extortion.    
      
   The five sites are all from developer M.A.D Mobile, who was notified of the   
   exposed servers on January 20 but did not remediate the issue until March 28,   
   after the cybersecurity researchers published a report on the exposed    
   servers.   
      
   Explicit images exposed    
      
    Cybernews researcher Aras Nazarovas discovered the exposed private image   
   servers while conducting analysis on the code that powers the BDSM People    
   app.    
      
   The first image in the folder was a naked man in his thirties. As soon as I   
   saw it I realised that this folder should not have been public," Nazarovas   
   told the BBC .    
      
   On the servers, Nazarovas found several hundred gigabytes of photos,    
   including images from profiles, images sent in direct messages, images that   
   were supposedly removed from the app by moderators, photos from public posts,   
   profile verification photos, and photos included in comments.    
      
   While the issue has now been remediated, there is no way of knowing how long   
   the servers were exposed, or if Nazarovas was the only person to discover the   
   trove of explicit images.    
      
   A M.A.D Mobile spokesperson said, We appreciate their work and have already   
   taken the necessary steps to address the issue. An additional update for the   
   apps will be released on the App Store in the coming days.    
      
   Outside of the risk of extortion posed by the unprotected cloud storage   
   buckets, users of the apps in countries with hostile attitudes to LGBT    
   peoples were also put at risk.    
      
   Dating apps and sites are lucrative targets for hackers due to the highly   
   sensitive personally identifiable information they store. If hit by a   
   ransomware attack, the attackers could not only extort the company for money,   
   but also threaten individuals with the exposure of their data if they dont    
   pay a fee.   
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/major-dating-app-data-breach-may-have-e   
   xposed-1-5-million-private-user-images-online   
      
   $$   
   --- SBBSecho 3.20-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/305 153/7715 154/110 218/700 226/30   
   SEEN-BY: 227/114 229/110 111 114 206 300 307 317 400 426 428 470 664   
   SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 712/848 902/26 2320/0 105 3634/12 5075/35   
   PATH: 2320/105 229/426