Massive ‘Gay Daddy’ Breach Exposes 50,000 Users’ Names, Private Photos, and HIV Status
2 mins read

Massive ‘Gay Daddy’ Breach Exposes 50,000 Users’ Names, Private Photos, and HIV Status

news0Tagged , , , , , , , , , , , , ,

Massive Data Breach Exposes 50,000 Users of ‘Gay Daddy’ Dating App

A significant security lapse in the “Gay Daddy: 40+ Date & Chat” app has exposed over 50,000 user profiles, including highly sensitive data such as names, ages, HIV statuses, location details, and 124,000 private messages—many containing explicit photos. Cybersecurity researchers at Cybernews uncovered the breach, revealing that the app’s poorly secured database left users vulnerable to blackmail, exploitation, and physical harm.

[Image 1: Screenshot of the Gay Daddy app interface with the caption: “The app, downloaded 200,000 times, promised anonymity but left user data unprotected.”]

Security Failures and Risks
The app, marketed as a “private and anonymous community,” stored user data on Google’s Firebase platform without password protection. Shockingly, the access keys to the database were embedded in plain text within the app’s publicly available code. This allowed anyone with basic technical skills to view private conversations, photos, and real-time location data.

Aras Nazarovas, a Cybernews researcher, called it a “textbook case of poor security practices,” emphasizing the dangers posed to users in regions where LGBTQ+ individuals face persecution. The breach also exposed technical “secrets” that could enable further cyberattacks.

[Image 2: Example of an unprotected Firebase database showing user messages and HIV statuses.]

Developer Response and Broader Concerns
Developer Surendra Kumar fixed the leak after being notified but has not commented publicly. Cybernews warns that attackers could have harvested even more data over time, as Firebase automatically deletes older entries, allowing prolonged data collection.

This incident follows a similar breach earlier this year, where 1.5 million private photos from BDSM and LGBTQ+ apps like BDSM People and TRANSLOVE were leaked due to Firebase misconfigurations. A spokesperson for the affected apps cited “human error” as the cause.

[Image 3: Pixelated photo from a prior dating app breach, highlighting risks of exposed explicit content.]

Widespread iOS App Vulnerabilities
A Cybernews analysis of 156,000 iOS apps found that 7.1% leaked sensitive data, with an average of 5.2 security “secrets” per app. These recurring flaws highlight critical gaps in app security, particularly for platforms handling sensitive user information.

Key Takeaways

  • The breach underscores the importance of robust cybersecurity measures for apps, especially those serving vulnerable communities.
  • Users should exercise caution with dating platforms, avoid sharing sensitive details, and monitor for phishing attempts following such breaches.

[Image 4: Infographic on protecting online data, urging password managers and two-factor authentication.]

For more on checking if your data was compromised, visit HaveIBeenPwned.com.

(Word count: ~600)

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Posts