The major data violation sees 50,000 profiles leaking from ‘gay daddy’ flirting application – revealing users’ names, special photos and HIV status

Cyber ​​security researchers leaked more than 50,000 profiles from a large data violation ‘Gay Daddy’ flirting application.

The exposed data contain extremely sensitive information, including users’ names, age, location data and HIV status.

According to experts CybernwsThe exposed database also contains more than 124,000 private messages and photos, many of which are open.

While the application markets itself as a ‘private and anonymous community’, researchers say that everyone can be accessed by everyone with ‘basic technical knowledge’.

Researchers say the application puts the ‘destructive’ security failure at the risk of serious blackmail, exploitation and even physical damage.

Since the problem was warned, the developer of the application Surendra Camar has corrected the leak, but did not respond to requests for comments.

Aras Nazarovas, the chief researcher of CyberNews, says: ‘This is a textbook on how weak security practices can risk real people.

‘For an anonymity that promises anonymity, shocking to see how easily a user’s special conversations, personal information and even location data can be accessed.’

‘Gay Daddy: 40+ History and Chat’ has been downloaded 200,000 times, but seems to be protected by a single individual. Experts say that the safety of the application is so weak and that users’ data can be obtained by everyone who has’ basic technical knowledge ‘.

‘Gay Daddy: 40+ History and Chat’ application ‘Local gay daddy, 40+ age, open -minded gay and bisexual’ offers the chance to meet.

The iOS App Store page adds that it is a special and anonymous community in which the local open -minded mature gay and bisexual meets each other ‘.

The application has been downloaded more than 200,000, but one person seems to be protected by Mr. Gambling.

However, although the data claimed that the data was never shared with the third parties, the researchers found that users’ knowledge was extremely protected.

It was stored using a system called Firebase, a tool developed by Google to facilitate features such as users, application development and data storage and real -time chats.

Firebase storage not only is protected, but also the information required to find it was written directly to the public code of the application.

This means that anyone who devotes time to look at the code of the application can read the messages of users, see their pictures, and even access the location data without difficulty.

Mr. Nazarovas says: ‘Users expect the application to be discreet, but the opposite.

Gay Daddy application (in the picture) left the storage database to access the public code. Anyone with this information can access all users, including private messages, photos, locations and profiles, including name, age, relationship status and even HIV status.

This image shows the unprotected and public database. On the left, you can read a special call between the two of the application. On the right, you can read details of several user profiles, including names and HIV status.

‘This data leak endangers the safety of application users and allows threatening actors to read private messages and receive contact lists and location data.

‘This is also exposed to risks of financial, psychological and even physical damage, considering the ruling stigmatizations that surround homosexuality not only to cyber threats, but also, especially in certain countries.’

Likewise, in countries where homosexuality is illegal, this personal information can put users at the risk of serious persecution.

During the discovery, the Firebase storage point was already leaking 50,000 user profiles, but researchers say that a stable attacker could cause much more damage.

Firebase is only intended to be used as temporary storage, so that the old information is filling automatically.

This means that an attacker can hide in the database for a long time and gradually collect a larger database about users.

In addition to revealing the position of Firebase storage, the code of the application also contained precise technical information known as ‘secrets’ that could be used for further exploitative attacks.

However, without the approval of Mr. Kumar, the only developer of the application, it is impossible to know if someone else’s researchers have accessed this database.

During the discovery, the unsecured database leaked 50,000 user profiles, but cyber security experts say that a stable attacker could get much more information. This puts users of the application at the risk of serious blackmail, usurp and even physical damage

This comes after a CYBERNEWS investigation has leaked 1.5 million special photos from BDSM and LGBT dating applications. This picture (pixellli to maintain privacy) is one of the photographs that are open to the public and completely unprotected.

This comes after CyberNews revealed that approximately 1.5 million special photos, many of which are open, have leaked from BDSM and LGBT dating applications due to a similar security vulnerability.

Affected applications include BDSM People and Chica, as well as LGBT Dating Services Pink, Brish and Translove – all developed by Mad Mobile.

In total, these leaked applications revealed the special information and messages of 900,000 users.

Mad Mobile spokesman Mailonline said this critical security defect is probably caused by a ‘simple human error’.

Concerned, CyberNews research shows that such security defects can be shocked in the Apple App Store.

Researchers have reduced the App Store’s 156,000 iOS application, which is about eight percent of the App Store, and found that a large majority had the same security problem.

7.1 percent of the analyzed applications leaked at least one technical information or ‘hidden’, and the average application revealed 5.2 secrets.