Due to a security flaw in the gay dating service Jack’d, millions of photos of its users were exposed online
The Jack’d gay dating app mistakenly exposed private photos of its users. According to network security and ethical hacking experts from the International Institute of Cyber Security, anyone could have accessed these private images using a conventional web browser, even if they were not registered in the app.
Investigator Oliver Hough claims that he reported the flaw to the Jack’d team almost a year ago. Although the company never answered Hough, it seems to have implemented a fix for this flaw in recent days.
The failure was publicly reported for the first time last February 5; British media picked up the story to warn users, as network security experts noted that the error had not been corrected at that time.
Jack’d has registered more than 5 million downloads in the Google Play store. The app allows members to add “private” photos to their profile, which should be visible to them only.
However, the network security expert found that all the photos shared in the application were uploaded to the same server without protection, leaving them exposed online. Private photos could still be found using an Internet search engine until last Thursday.
Some cybersecurity specialists believe that the app may also have leaked additional information, such as location data and personal identification metadata from app users.
So far Jack’d has not officially commented on the incident, although the corrections have already been implemented. “The company accepted my report, but then stopped contacting me,” says Hough. “A journalist contacted Jack’d last November and acted the same way.”