SECURITY
SECURITY
SECURITY
Photos from gay dating app Jack’d exposed via misconfigured AWS instance
In yet another case of cloud storage misconfiguration, private pictures shared by users of gay dating app Jack’d have been found exposed to all and sundry on an Amazon Web Services Inc. instance.
Jack’d is a gay dating app that connects gay guys wanting to meet or hookup worldwide with more than 1 million downloads from the Google Play store. Users are able to chat privately with other users, including sharing X-rated pictures.
Discovered by security researcher Oliver Hough and first reported Tuesday by The Register, the exposed AWS S3 instance was storing all the pictures shared between Jack’d users.
The security was so lacking that Hough claims anyone with a web browser could access the pictures if they knew where to look.
“As there is no authentication, no need to sign up to the app, and no limits in place, miscreants can therefore download the entire image database for further havoc and potential blackmail,” the report noted.
If exposing private pictures isn’t bad enough, Hough claims that he informed the company behind app, LD Interactive LLC, three months ago that the data was exposed but nothing was done to rectify the situation.
Given growing attention to the data breach, the misconfigured AWS instance has now been fixed, but the fact that the company knew about the issue for months and did nothing is not confidence-building.
Jack’d is not the first company to expose its data this way and it certainly won’t be the last.
Previous cases of AWS configuration malfeasance include Accenture PLC, U.S. Army Intelligence and Security Command, Verizon Communications Inc., TigerSwan, FedEx Corp., Octoly, True Corp and Veeam Software Inc.
Image: Jack’d
A message from John Furrier, co-founder of SiliconANGLE:
Support our mission to keep content open and free by engaging with theCUBE community. Join theCUBE’s Alumni Trust Network, where technology leaders connect, share intelligence and create opportunities.
- 15M+ viewers of theCUBE videos, powering conversations across AI, cloud, cybersecurity and more
- 11.4k+ theCUBE alumni — Connect with more than 11,400 tech and business leaders shaping the future through a unique trusted-based network.
About SiliconANGLE Media
SiliconANGLE Media is a recognized leader in digital media innovation, uniting breakthrough technology, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — with flagship locations in Silicon Valley and the New York Stock Exchange — SiliconANGLE Media operates at the intersection of media, technology and AI.
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a dynamic ecosystem of industry-leading digital media brands that reach 15+ million elite tech professionals. Our new proprietary theCUBE AI Video Cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
