- Five kink and LGBT applications exposed confidential user images
- The images were stored in cloud storage without password protection
- The applications' developer left the problem unfixed for months
Five dating applications exposed more than 1.5 million private and explicit images after storing them in cloud storage buckets without password protection.
Cybersecurity researchers found that the image servers of BDSM People, Girl, Pink, Brish and Translve were highly vulnerable to hackers, putting between 800,000 and 900,000 people at risk of blackmail and extortion.
The five apps are all by developer Mad Mobile, which was notified of the exposed servers on January 20 but did not remedy the problem until March 28, after cybersecurity researchers published a report on the exposed servers.
Explicit images exposed
The Cybernews researcher, Nazarovas Aras, discovered the exposed private image servers while analyzing the code behind the BDSM People application.
“The first image in the folder was a naked man in his thirties. As soon as I saw it, I realized that this folder should not have been public,” Nazarovas told the BBC.
On the servers, Nazarovas found several hundred gigabytes of photos, including profile photos, images sent in direct messages, images that were supposedly deleted from the application by moderators, photos from public posts, profile verification photos and photos included in comments.
While the problem has now been remedied, there is no way to know how long the servers were exposed, or whether Nazarovas was the only person who discovered the trove of explicit images.
A spokesman for Mad Mobile said: “We appreciate his work and we have already taken the necessary measures to address the problem. An additional update will be launched for applications in the App Store in the next few days.”
Beyond the risk of extortion posed by the unprotected cloud storage buckets, app users in countries with hostile attitudes towards LGBT people were also put at risk.
Dating applications and sites are lucrative targets for hackers because of the highly sensitive personally identifiable information they store. If they are hit by a ransomware attack, the attackers could not only extort the company for money, but also threaten individual users with the exposure of their data if they do not pay.