
A shocking security lapse has exposed intimate data from several niche dating apps, with an estimated 1.5 million explicit user images leaked online. The breach, uncovered by ethical hackers, reveals just how vulnerable sensitive user information can be—even on platforms claiming to prioritise privacy. The affected apps cater to users in the BDSM, LGBTQ+, and sugar dating communities, sparking widespread alarm over their inadequate cybersecurity protections.
Millions of 'Sensitive Secrets' Left Unsecured
The vulnerability was first reported by Cybernews, which found that dating apps such as BDSM People, CHICA, TRANSLOVE, PINK, and BRISH had left sensitive secrets exposed in their source code. These 'secrets'—including unencrypted API keys, passwords and user verification data—are critical to safeguarding private content and communications.
The leaked cache includes not only profile images but also private messages, moderator-deleted posts, and verification pictures. Cybernews researchers explained that they downloaded over 156,000 iOS apps—approximately 8% of those available on the App Store—and found numerous instances where developers had embedded plaintext credentials within app code.
A Breakdown of the Image Leaks
Among the worst affected was 'BDSM People – Kinky Fetish Dating', which saw more than 541,000 images exposed. These included:
- 270,000 user profile images
- 90,000 photos from user chats
- 28,000 profile verification pictures
- 65,000 blurred images
- 18,000 images removed by moderators
Other apps in the leak, according to BBC News, revealed similarly alarming figures:
- CHICA – Selective Luxy Dating: 2,200 chat images, 94,000 profile images, and 23,000 verification photos
- TRANSLOVE: Over 140,000 photos, including 5,000 private messages and 8,800 verification images
- PINK: Nearly 320,000 chat, post and verification images
- BRISH: More than 375,000 photos, including blurred images, posts, and profile verifications
All five apps are developed by M.A.D. Mobile Apps Developers Limited, which initially declined to comment. However, the company later responded via email, thanking the ethical hacker who uncovered the flaw and confirming that it had taken corrective steps.
'We appreciate their work and have already taken the necessary steps to address the issue,' a spokesperson said. 'An additional update for the apps will be released on the App Store in the coming days.'
Despite the fixes, there is no guarantee that the ethical hacker was the only person to access the unsecured data.
A Worrying Pattern of Dating App Breaches
This latest incident adds to a growing list of security failures across the online dating industry. In 2015, Ashley Madison was infamously hacked, exposing 32 million users and sparking public scandals and even suicides. In 2020, AdultFriendFinder leaked more than 400 million accounts, while Grindr faced backlash in 2018 for disclosing users' locations and HIV statuses through a data flaw.
More recently, in 2023, Tinder and Bumble were caught up in another controversy when user content—including explicit images—was allegedly scraped and sold online.
These ongoing breaches raise serious questions about how dating apps manage personal and highly sensitive data, particularly when serving vulnerable or marginalised groups. The latest revelations underline the urgent need for more robust regulation and better security standards in the online dating world, where personal privacy should never be an afterthought.
Originally published on IBTimes UK
© Copyright IBTimes 2025. All rights reserved.