Gay dating and hookup app Jack’d has inadvertently exposed users’ private and intimate photos due to a security flaw left unaddressed for months.
The flaw in the app’s security platform was found three months ago and was reported to Jack’d by researcher Oliver Hough, tech website The Register reported.
Jack’d allows users to upload private pictures and then unlock them to people they choose.
But anybody aware of the flaw was able to view the private photos of all users, without logging in or even installing the app.
“The app should place strict access restrictions on which images should be viewable, so that if one user allows another user to see a sext pic, only the receiver should be allowed to see it,” Hough said.
“Instead, it is possible to see everyone’s naked selfies, to be frank.”
Although the private photos uploaded by Jack’d users could be downloaded from the app’s database, they were not linked to any user accounts, making it very challenging to identify the photos’ owners.
Online Buddies, the app’s parent company, told media on Thursday that its tech team was aware of the ongoing issue and that it would soon be resolved.
“Our tech team is aware of the photo vulnerability and has already programmed the changes for this fix,” CEO Mark Girolamo said.
No answer was provided as to why the company did not fix the issue three months earlier when it was first reported.
Jack’d has reportedly been installed over 110,000 times by Android device users since its release.
It is also available for iOS users and has five million users scattered all around the globe.
It’s not the first time tech experts have found security vulnerabilities in gay hookup apps.
Last March, one tech professional said he’d discovered that sensitive location data on Grindr was being sent over the Internet unencrypted, a serious issue for Grindr users in countries not accepting of homosexuality.
Faden earlier made headlines for creating an online tool called “Cockblocked” that allowed Grindr users to see who had blocked them on the app. He later shut the website down after Grindr fixed the vulnerability it used.