The New York Attorney General has filed a complaint about Jack'd, the gay, bisexual and queer dating app, whose parent company left users' private photos exposed online for at least a year. The company, Online Buddies, pays $240,000 and implements an "extended security program" to prevent similar incidents in the future.
The Register and Ars Technica first reported on Jack'd's security issue in February 2019, pointing out that security researcher Oliver Hough had informed the company a year earlier without success. The popular dating app had uploaded photos to a publicly accessible Amazon Web Services storage space, even though users thought the photos were private. The exposed data included nude photos and photos revealing a user's location – potentially putting users at risk of blackmail or even arrest in some countries. Jack'd had fixed the problem the day before Ars published its story.
Attorney General Letitia James' office said an investigation had confirmed this privacy issue. It also confirmed that "Senior Buddies of Online Buddies were told of this vulnerability in February 2018," as well as of another issue that could expose user data. "While Online Buddies immediately recognized the severity of its vulnerabilities, the company was unable to resolve the issues for an entire year, and only after repeatedly asking the press," says a press release.
James' statement says that Jack'd had about 7,000 active New York users in that year, of whom about 1,900 had "private images that could be nude photos". Online Buddies says Jack'd currently has more than 6 million users around the world and describes itself as 'the most culturally diverse home dating app in the world'. This means that Jack'd serves many men who are particularly vulnerable to discrimination when their personal details are exposed.
While Online Buddies' long delay was a big part of the problem here, security leaks – or the outright sharing of sensitive information – are a constant problem in mobile apps, including dating apps. Grindr used to share users' HIV status with app optimization companies, and its takeover by a Chinese company raised national security concerns. (The company later sold the app.) Last year, Tinder had to address a serious vulnerability, and a security researcher separately discovered that hackers had access to some unencrypted user photos.