A Data Bug On Jack'd Allows Any Internet User To See Private Photos
Users of the dating/hookup app Jack’d just got a very unpleasant surprise.
Jack’d is one of the most popular gay dating apps in the Western world and is highly popular with men of color. Unfortunately, those app users now know that their privates are literally exposed.
British news source The Register reports that photos from the gay app can be found and viewed online. While app users can hide NSFW photos behind a “privacy wall,” which can then be selectively lowered for prospective dates, it appears that wall is pretty susceptible to hacking.
Researcher and tech expert Oliver Hough was the one to find the security breach, and says he reported it to the Jack’d team three months ago. But after Jack’d failed to fix the problem, he then reached out to The Register.
It seems a programming bug allows tech-savvy internet users access to a large database of photos. Hackers don’t need to log in to a Jack’d account, or even have an account in the first place. Both private and public photos are exposed.
There is one saving grace for users, however, in that the photos aren’t connected to accounts. As such, the only viable way to link a photo to a specific person is by identifying them the hard way.
Mark Girolamo, CEO & CFO at Online-Buddies, the parent company of Jack'd, shared this statement with Global Dating Insights:
Our tech team is aware of the photo vulnerability and has already programmed the changes for this fix. They will deploy the fix this Thursday, February 7.
This is yet another breach of trust and personal data between GBT+ users and dating apps. Last year, Grindr faced mass scrutiny and criticism after it was revealed that they were giving out personal data like the HIV statuses of its users. That data was also easily accessible to hackers.
It was another researcher who discovered this data breach and notified reporters.
“It allows anybody who is running the network or who can monitor the network – such as a hacker or a criminal with a little bit of tech knowledge, or your ISP or your government – to see what your location is,” Cooper Quintin, a senior staff technologist and security researcher at the Electronic Frontier Foundation, said on the issue.
“When you combine this with an app like Grindr that is primarily aimed at people who may be at risk – especially depending on the country they live in or depending on how homophobic the local populace is – this is an especially bad practice that can put their user safety at risk,” Quintin added.
While many gay app users may want to be wary of what they share on programs like Jack’d and Grindr, it appears that outside researchers are the real ones protecting citizens from irresponsible tech companies.
h/t: The Register