Skip to main content
Daily Star

Kink dating apps exposed 1.5m private user images online across five platforms

The explicit pictures were from five platforms developed by M.A.D Mobile, including a kink site and another used by the LGBTQ+ community, which are used by around 800,000 to 900,000 people

Comments
News
Paul McAuley
10:35, 30 Mar 2025
Chica was one of the five apps that were reportedly open to hackers
Chica was one of the five apps that were reportedly open to hackers(Image: Chica)

Over a million private images were found to be stored online without password protection, leaving them open to hackers and blackmailers. Researchers discovered anyone with a certain link can access private photos, many of which are explicit, from five platforms developed by M.A.D Mobile.

The included kink sites BDSM People and Chica, and LGBT apps Pink, Brish and Translove. These services are used by an estimated 800,000 to 900,000 people.


Article continues below

M.A.D Mobile was first alerted about the security flaw on 20 January but didn't take action until the BBC emailed on Friday March 28. They have since rectified it but have not explained how it occurred or why they failed to safeguard the sensitive images.

Safety concerns were highlighted for the likes of the LGBTQ+ community if they live in a hostile country
Safety concerns were highlighted for the likes of the LGBTQ+ community if they live in a hostile country(Image: Chica)

Ethical hacker Aras Nazarovas from Cybernews initially warned the company about the security breach after discovering the location of the online storage used by the apps by analysing the code that powers the services.


He was taken aback that he could access the unencrypted and unprotected photos without any password. He said: "The first app I investigated was BDSM People, and the first image in the folder was a naked man in his thirties. As soon as I saw it I realised that this folder should not have been public."

The images were not limited to those from profiles, he said. They included pictures which had been sent privately in messages, and even some which had been removed by moderators.

The loophole has now been fixed but no justification was given
The loophole has now been fixed but no justification was given(Image: Getty Images)

Cybersecurity expert Mr Nazarovas has raised the alarm over a significant hacking risk after uncovering unprotected sensitive material that could endanger users of certain platforms.

He highlighted the potential for malicious hackers to exploit the images and extort individuals, particularly those in countries hostile to LGBT communities. While private message content and user identities were not compromised, the lack of security still presents a complex threat.

M.A.D Mobile expressed gratitude to the researcher via email for identifying the vulnerability, ensuring no data breach occurred, and confirmed steps have been taken to rectify the issue, with an app update imminent.


It is unsure if any other hackers got into the photos as of yet
It is unsure if any other hackers got into the photos as of yet(Image: Getty Images/iStockphoto)

However, concerns linger as there's no certainty that Mr Nazarovas was the sole discoverer of the exposed data.

A spokesperson from M.A.D mobile said: "We appreciate their work and have already taken the necessary steps to address the issue. An additional update for the apps will be released on the App Store in the coming days."

Article continues below

The company remained tight-lipped when asked about its location and the delay in resolving the problem despite repeated warnings.

Security researchers typically withhold reports until vulnerabilities are patched to avoid increasing user risk, but Mr Nazarovas and his team chose to publicise the ongoing issue due to the company's inaction.

He added: "It's always a difficult decision but we think the public need to know to protect themselves,". Hackers managed to breach the Ashley Madison cheating website in 2015 and stole sensitive information about those who used it, leaving a trail of destruction in its wake.

Follow Daily Star:

BBCDatingTinderBbcCheating

reach logo

At Reach and across our entities we and our partners use information collected through cookies and other identifiers from your device to improve experience on our site, analyse how it is used and to show personalised advertising. You can opt out of the sale or sharing of your data, at any time clicking the "Do Not Sell or Share my Data" button at the bottom of the webpage. Please note that your preferences are browser specific. Use of our website and any of our services represents your acceptance of the use of cookies and consent to the practices described in our Privacy Notice and Cookie Notice.