Researchers have discovered about 1.5 million pictures from expert meeting applications, many of which are open, and hidden online without password protection and leave them vulnerable to computer pirates and extortion.
Anyone with the connection was able to view special photos from five platforms developed by Mad Mobile: Kink Sites BDSM People and Chica.
These services are estimated by 800,000 to 900,000 people.
Mad Mobile was first warned about the security defect on January 20, but on Friday, the BBC did not take action until E -Post was sent by E -Post.
They have fixed it since then, but they said how it was or why they couldn’t protect the sensitive images.
Ethical hacker Aras Nazarovas from CyberNews analyzed the code that strengthens the services and warned the company about the security hole after finding the location of online storage used by applications.
He was shocked because he could access the unencrypted and unprotected photos without a password.
“The first application I researched was the BDSM man, and the first image in the folder was a naked man in his thirties,” he said.
“When I saw it, I noticed that this folder should not be open to everyone.”
The images were not limited to those of the profiles, dedi he said – included some of the pictures sent to the messages and even some of them removed by moderators.
Mr. Nazarovas said that the discovery of unprotected sensitive material came with a significant risk for users of platforms.
Malicious computer pirates could have found images and challenging individuals.
There is also a risk for those who live in hostile countries to LGBT people.
None of the text content of private messages was hidden in this way, and images are not labeled with user names or real names, which will be more complex of the targeted attacks on users.
Mad Mobile in a E -Posta said that he was grateful to the researcher for revealing the security vulnerability in applications to prevent a data violation.
However, there is no guarantee that Mr. Nazarovas is the only hacker who finds the stash of the image.
“We appreciate your work and have taken the necessary steps to address the problem.” He said. “An additional update for applications will be published in the App Store in the coming days.”
The company did not answer other questions about where the company is based and why it took months to address the problem after the researchers’ warning.
Generally, security researchers expect users to fix a security vulnerability before publishing an online report if they put users at risk of attacks.
However, while Mr. Nazarovas and his team decided to give an alarm on Thursday, the problem was still experiencing because the company worried that the company did nothing to fix.
“This is always a difficult decision, but we think the people should know to protect themselves,” he said.
In 2015, malicious hackers stole a large amount of customer data about Ashley Madison users, a meeting website for married people who want to deceive their wives.
