IT security audit specialists report that Jack’d,the gay dating app will pay a fine of nearly $250k USD after exposing users’ private photos online. Anyone with access to a web browser, and with the necessary knowledge of exposed databases, was reportedly able to access these records, made up of millions of user photos, even without a Jack’d account.
According to documents filed at the court, New York Attorney General Letitia James says the app committed a violation of users’ privacy. Online Buddies, the company that owns Jack’d’s service, was unable to correct the security incident despite having worked on it for a year, specialists say.
According to the Attorney General, “Online Buddies exposed the confidential data, including intimate photographs of Jack’d users, and spent a full year without the company taking appropriate steps to address this inconvenience, operating normally to prevent lost incomes”.
Attorney General James reported that New York City reached an agreement with the company, which will have to pay a $240k USD fine to the city government. In addition, Online Buddies is willing to implementing a new information security program to ensure its users’ data protection.
As IT security audit specialists mention, the Jack’d app has been downloaded more than 5 million times from the official Google Play Store platform. This service allows its users to add a section of ‘private photos’ in their profile; this content is only accessible to people selected by the user.
Nevertheless, IT security audit specialists from the International Institute of Cyber Security (IICS) mention that this private content were uploaded to the same web server as the rest of the profile content, leaving the confidential photos completely exposed. Oliver Hough, the independent investigator in charge of reporting the finding, claims that the company received and acknowledged the report, although they apparently decided to do nothing to fix their oversights.