# Kink and LGBT Dating Apps Exposed: 1.5 Million Private User Images at Risk
A shocking discovery has been made by researchers about the security of popular dating apps, leaving millions of users vulnerable to hacking and extortion. Nearly 1.5 million private user images from specialist dating platforms developed by M.A.D Mobile have been found online without password protection.
## The Vulnerable Platforms
The affected platforms include:
* **Kink sites:** BDSM People and Chica * **LGBT apps:** Pink, Brish, and Translove
These services are used by an estimated 800,000 to 900,000 people. M.A.D Mobile was first warned about the security flaw on January 20 but didn't take action until the BBC emailed them on Friday. They have since fixed the issue, but not provided any information on how it happened or why they failed to protect the sensitive images.
## The Discovery
Ethical hacker Aras Nazarovas from Cybernews was the first to alert M.A.D Mobile about the security hole after analyzing the code that powers the services. He discovered that he could access the unencrypted and unprotected photos without any password, including pictures from profiles, private messages, and even some removed by moderators.
## Risks for Users
The discovery of unprotected sensitive material poses a significant risk to the platforms' users. Malicious hackers could have found the images and extorted individuals. There is also a risk to those who live in countries hostile to LGBT people, as their personal data could be used against them.
## A Cautionary Tale
In 2015, malicious hackers stole a large amount of customer data from Ashley Madison, a dating website for married people who wish to cheat on their spouse. The incident highlights the importance of robust security measures and prompt action in addressing vulnerabilities.
## M.A.D Mobile's Response
M.A.D Mobile has expressed gratitude to the researcher for uncovering the vulnerability and preventing a potential data breach. They have already taken steps to address the issue and released an update for the apps, which will be available on the App Store in the coming days.
## A Call to Action
Security researchers usually wait until a vulnerability is fixed before publishing an online report, to avoid putting users at further risk of attack. However, Aras Nazarovas and his team decided to raise the alarm early, as they were concerned that M.A.D Mobile was not taking action to fix the issue.
"It's always a difficult decision," he said. "But we think the public need to know to protect themselves."
As this incident highlights the importance of robust security measures, it is essential for users to be aware of the potential risks and take steps to protect their personal data.