"1.5 Million Private BDSM App Photos Leaked—Verify If Your Data Is Exposed"
2 mins read

"1.5 Million Private BDSM App Photos Leaked—Verify If Your Data Is Exposed"

news0Tagged , , , , , , , , , , ,

Urgent Warning: 1.5 Million Private Dating App Photos Exposed

Cybersecurity experts have issued an urgent alert after nearly 1.5 million private photos from dating apps—including kink and LGBTQ+ platforms—were found exposed online. Affected apps, developed by M.A.D Mobile, include BDSM People, CHICA, PINK, BRISH, and TRANSLOVE. The leaked data contained explicit verification images, moderated content, and private messages, all stored without password protection, leaving them accessible to anyone with a direct link.

Private images from BDSM People (blurred for privacy) were publicly accessible due to unsecured storage.
Blurred example of exposed private images from BDSM People.

How It Happened
Researchers at Cybernews discovered the vulnerability, which exposed 128GB of data and 1.6 million files across the apps. Ethical hacker Aras Nazarovas traced the flaw to publicly visible code containing “secrets”—passwords and storage location links. These led to unsecured cloud “buckets” with no authentication required.

“An attacker only needed the bucket name, hardcoded in the app, to access all images,” Nazarovas explained. For example, BDSM People’s bucket included 541,000 explicit photos from users. Similarly, CHICA, a luxury dating app, leaked 133,000 images via its code.

Code from BDSM People's app led to unsecured storage of user data.
Unsecured code in BDSM People’s app exposed sensitive data.

Company Response
M.A.D Mobile claims the issue is resolved, stating they’re “confident no images were downloaded maliciously” and attributing the lapse to “human error.” However, they’re still investigating why sensitive data lacked basic protections like encryption or access controls.

Risks to Users
While images weren’t linked to accounts, experts warn they could be used for blackmail or identity exposure, especially for LGBTQ+ users in regions where homosexuality is criminalized. Over 200,000 downloads of BDSM People alone suggest widespread risk.

Exposed private message from Translove app highlights security flaws.
A private message from Translove, leaked due to poor security.

Broader Implications
Cybernews’ analysis of 156,000 iOS apps found 7.1% leaked sensitive data, averaging 5.2 secrets per app. This underscores systemic security gaps in app development.

Stay Protected
Users should:

  • Avoid sharing sensitive content on apps.
  • Enable two-factor authentication.
  • Monitor accounts for suspicious activity.

M.A.D Mobile’s lapse highlights the critical need for stricter data protection measures in an era where digital privacy is increasingly vulnerable.

CHICA app’s data breach included 45GB of user images.
CHICA’s breach exposed private images shared by users.

For more on securing your data, visit cybersecurity resources like Have I Been Pwned to check compromised accounts.

(Word count: ~600)

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Posts