Pictures of the users of the gay dating app Jack’d have appeared online. That’s because the developers set up their Amazon Web Services instance incorrectly. As a result, private images, including sensitive images, were placed on the Internet.
Jack’d is a gay dating app that connects gay men from all over the world. They are usually men who simply want to meet each other, or men who are looking for sex. The app has been downloaded more than 1 million times from the Google Play Store and allows users to chat as well as share photos.
Everything on the internet
Security researcher Oliver Hough told The Register that an AWS S3 instance exposed all photos of Jack’d users worldwide. No security was in place at all. According to the researcher, anyone with a browser could access the photos, as long as they knew where to look.
No authentication was required, there was no need to log into the app and no restrictions were set. This allowed anyone to download the entire database of photos to blackmail people or to cause further chaos, according to The Register.
As if the unsecured instance were not enough, it turns out that the company has known about the problem for months. Hough says he told the company behind the app, LD Interactive LLC, three months ago that the data had been exposed. But the company did nothing to resolve the situation in all that time.
Due to the increased attention to the data leak, the incorrectly configured AWS instance has since been fixed. However, the fact that the company knew about the problem but did nothing about it for a long time is worrying. It is one of many examples of problems with companies’ AWS settings. Earlier, Verizon, Veeam, Accenture and FedEx made similar mistakes.
This news article was automatically translated from Dutch to give Techzine.eu a head start.