Gay dating app to pay $250k USD fine for exposing users’ nude pics
IT security audit specialists report that Jack’d,the gay dating app will pay a fine of nearly $250k USD after exposing users’ private photos online. Anyone with access to a web browser, and with the necessary knowledge of exposed databases, was reportedly able to access these records, made up of millions of user photos, even without a Jack’d account.
According to documents filed at the court, New
York Attorney General Letitia James says the app committed a violation of
users’ privacy. Online Buddies, the company that owns Jack’d’s service, was
unable to correct the security incident despite having worked on it for a year,
According to the Attorney General, “Online
Buddies exposed the confidential data, including intimate photographs of Jack’d
users, and spent a full year without the company taking appropriate steps to
address this inconvenience, operating normally to prevent lost incomes”.
Attorney General James reported that New York
City reached an agreement with the company, which will have to pay a $240k USD
fine to the city government. In addition, Online Buddies is willing to
implementing a new information security program to ensure its users’ data
As IT security audit specialists mention, the
Jack’d app has been downloaded more than 5 million times from the official
Store platform. This service allows its users to add a section of
‘private photos’ in their profile; this content is only accessible to people
selected by the user.
Nevertheless, IT security audit specialists
from the International Institute of Cyber Security (IICS) mention that this
private content were uploaded to the same web server as the rest of the profile
content, leaving the confidential photos completely exposed. Oliver Hough, the
independent investigator in charge of reporting the finding, claims that the
company received and acknowledged the report, although they apparently decided
to do nothing to fix their oversights.