Intimate Images Of Users Leaked From An Online Gay Dating App

An online dating app, Jack’d have been hacked and millions of x-rated selfies that were privately exchanged between the users have been leaked online.

According to a report by BBC news, anyone with a web browser and knows where to look can access the photos, even without a Jack’d account.

Researcher Oliver Hough told BBC News he had reported the flaw to Jack’d a year ago.

Screen Actors Guild Awards- exclusively in pictures

Jack’d have been downloaded more than five million times on the Google Play app store. It lets members add “private” photos to their profile, which should be visible to only specific people they have chosen to share them with. However, Mr Hough found that all the photos shared in the app were uploaded to the same open web server, leaving them exposed. “They acknowledged my report but then just went silent and did nothing,” Mr Hough told BBC News.

Image courtesy – aazah.com

According to news website Ars Technica, Jack’d application has been leaving images posted by users and marked as “private” in chat sessions open to browsing on the Internet, potentially exposing the privacy of thousands of users. Photos were uploaded to an AWS S3 bucket accessible over an unsecured Web connection, identified by a sequential number. By simply traversing the range of sequential values, it was possible to view all images uploaded by Jack’d users, public or private. Additionally, location data and other metadata about users were accessible via the application’s unsecured interface’s backend data.

The result was that intimate, private images including pictures of genitalia and photos that revealed information about users’ identity and location—were exposed to public view. Because the images were retrieved by the application over an insecure Web connection, they could be intercepted by anyone monitoring network traffic, including officials in areas where homosexuality is illegal, homosexuals are persecuted, or by other malicious actors. And since location data and phone identifying data were also available, users of the application could be targeted.

Sick Of Swiping On Fake Selfies? This Indian LGBT App Is Changing The Dating Game

Earlier this week, the company’s CEO, Mark Girolamo, told Ars Technica a fix would be deployed on Thursday.

BBC News saw evidence that private photos were still publicly available on the web server as of Thursday morning.

Jack’d is yet to issue a statement, or even notify affected users.

Source – bbc.com, arstechnica.com

Latest Posts

  • One Punch Man Game: All You Need To Know

    One Punch Man Game: All You Need To Know0

    Right after the first post-announcement trailer for One Punch Man: A Hero Nobody Knows’ revealed confirmation that additional of four more characters to the game. Saitama himself and other characters were already to be part of the squad, though the newest trailer focuses on the villains that you’ll encounter. Vaccine Man, Mosquito Girl, Carnage Kabuto,

    READ MORE
  • Top 7 Hill Stations You Have To Visit In South India

    Top 7 Hill Stations You Have To Visit In South India0

    From the stressful environment of the cities, people always want a getaway and let them loose. What’s the perfect place you ask? Well, These Hill Stations might do the job. Here is a list of Top 7 Hill stations in South India in My Opinion: Kodaikanal (Kodai) Referred to as the ‘Princess of Hill stations’,

    READ MORE
  • Top 5 Best Breweries In Bangalore

    Top 5 Best Breweries In Bangalore0

    After a long and tiring week, sometimes all you want to do is get a few cold beers with some friends and move your body to them groovy tunes. When you are in the Garden City of India, you do not have to scramble too hard to find a great place to have a wonderful

    READ MORE

Leave a Comment

Your email address will not be published. Required fields are marked with *

Latest Posts

Most Commented

Featured Videos