Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Researchers have discovered almost 1.5 million images from special dating applications – many of which are obvious – stored on the Internet without password protection, leaving them vulnerable to hackers and ransomware.
Anyone with reference was able to view private photos from the five platforms developed by Mad Mobile: Kink BDSM People and Chica Sites, and LGBT Apps Pink, Brish and Transove.
These services are used by approximately 800,000 to 900,000 people.
Mad Mobile was first warned about the lack of security on January 20, but did not take the action until the BBC went on Friday.
Since then, they have corrected, but have not said how it happened and why they couldn’t protect sensitive images.
Ethical hacker Aras Nazaros of Cybernews first warned the security firm after searching for the location of the Internet maintenance used by applications by analyzing the code that is the power of the service.
He was shocked that could access unbroken and unprotected photos without any passwords.
“The first addition I researched was BDSM people, and the first image in the folder was a naked man in the thirties,” he said.
“As soon as I saw it, I realized that this folder should not be public.”
According to him, the images were not limited to profile data – they included photos that were sent privately in the message, and even some that were deleted by moderators.
Mr. Nazaros said that the discovery of unnamed sensitive material comes from a significant risk to platform users.
Malicious hackers could find images and demanding people.
There is also a risk to those who live in countries that are hostile to LGBT.
None of the textual content of private messages is stored in this way, and the images are not indicated by users’ names and real names, which will make a purposeful attack on users more complex.
In the Mad MABILE e -mail stated that it was grateful to the researcher for disclosing the vulnerability in the supplements to prevent data violation.
But there is no guarantee that Mr. Nazarova was the only hacker that found the picture.
“We evaluate their work and have already taken the necessary steps to solve the problem,” said the Mad Mobile Press. “An additional update for applications will come to the app store in the coming days.”
The company did not answer additional questions about where the company was founded and why it took months to resolve this issue after numerous warnings by researchers.
Usually, safety researchers wait for the vulnerability to be recorded before publishing the Internet report, if this exposes the users an additional risk of the attack.
But Mr. Nazaros and his team decided to raise the alarm on Thursday as long as the issue remained live, because they were concerned, the company did nothing to fix it.
“This is always a difficult solution, but we believe that the public needs to know to defend ourselves,” he said.
In 2015, malicious hackers stole a large number of customers about Ashley Madison users, dating site for married people who want to cheat spouses.
