Last week, I posted findings from Cybernews on the security weaknesses in popular iOS dating apps such as BDSM People and PINK. Today, I’m bringing your attention to another shocking discovery: a serious security flaw in the app Gay Daddy: 40+ Date & Chat that directly threatens the privacy and safety of its users.
Cybernews researchers uncovered that the app is leaking over 50,000 user profiles and 124,000 private messages, exposing sensitive data such as names, ages, relationship status, HIV status, location data, and even private photos – everything from awkward selfies to, well, let’s just say, less-than-innocent “self-expressions.”
Why? Hardcoded credentials and misconfigured Firebase security left the app’s backend wide open to anyone with basic technical knowledge. While the app markets itself as a “private and anonymous community,” the reality was anything but secure.
The app’s API keys and cloud storage credentials were also leaked, which makes exploitation even easier.
The app has an estimated 20,000+ downloads and a 3.7-star rating on the App Store in the US.
Due to this flaw, users could be targeted by scammers, blackmailers, or even face physical harm, especially in regions where LGBTQ+ individuals face discrimination.
Read the full report here.
Like this:
Like Loading...
Related
This entry was posted on April 2, 2025 at 10:44 am and is filed under Commentary with tags Cybernews. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
50K users exposed in “Gay Daddy” iOS app security lapse – Cybernews
Last week, I posted findings from Cybernews on the security weaknesses in popular iOS dating apps such as BDSM People and PINK. Today, I’m bringing your attention to another shocking discovery: a serious security flaw in the app Gay Daddy: 40+ Date & Chat that directly threatens the privacy and safety of its users.
Cybernews researchers uncovered that the app is leaking over 50,000 user profiles and 124,000 private messages, exposing sensitive data such as names, ages, relationship status, HIV status, location data, and even private photos – everything from awkward selfies to, well, let’s just say, less-than-innocent “self-expressions.”
Why? Hardcoded credentials and misconfigured Firebase security left the app’s backend wide open to anyone with basic technical knowledge. While the app markets itself as a “private and anonymous community,” the reality was anything but secure.
The app’s API keys and cloud storage credentials were also leaked, which makes exploitation even easier.
The app has an estimated 20,000+ downloads and a 3.7-star rating on the App Store in the US.
Due to this flaw, users could be targeted by scammers, blackmailers, or even face physical harm, especially in regions where LGBTQ+ individuals face discrimination.
Read the full report here.
Share this:
Like this:
Related
This entry was posted on April 2, 2025 at 10:44 am and is filed under Commentary with tags Cybernews. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.