Due to a security flaw in the gay dating service Jack’d million photos of its users were exposed online
The Jack’d gay dating app mistakenly exposed private photos of its users, according to network security and ethical hacking experts from the International Institute of Cyber Security, anyone could have accessed these private images using a conventional web browser even if they were not registered in the app.
Investigator Oliver Hough claims that he reported the flaw to Jack’d team almost a year ago. Although the company never answered Hough, they seem to have implemented a correction of this flaw in recent days.
The failure was publicly reported for the first time last February 5; British media resumed the news to prevent users, as experts in network security mentioned that at that time the error was not corrected.
Jack’d registers more than 5 million downloads in the Google Play App Store. The app allows members to add “private” photos to their profile, which should be visible to them only.
However, the network security expert found that all the photos shared in the application were loaded on the same server without insure, leaving exposed online. Private photos could still be found using an Internet search engine until last Thursday.
Some cybersecurity specialists believe that the app may also have leaked additional information, such as location data and personal identification metadata from app users.
So far Jack’d have not officially spoken about the incident, although the corrections have already been implemented. “The company accepted my report, but then stopped contacting me,” says Hough. “A journalist contacted Jack’d last November and acted the same way.”