It’s the digital equivalent of leaving your bedroom window wide open during a very private moment. Nearly 1.5 million images—many explicit—were left unguarded online by M.A.D Mobile, the company behind a collection of niche dating apps like BDSM People, Chica, and the LGBTQ-focused Pink, Brish, and Translove. Anyone with the link could feast their eyes on intimate photos, some of which had been deleted or were shared privately.
The scandal has rattled an estimated 800,000 to 900,000 users, many from the LGBTQ community, who trusted these platforms to handle their identities and bodies with discretion. The unprotected treasure trove of images was discovered by ethical hacker Aras Nazarovas from Cybernews, who accessed the content without even needing a password. “The first image I saw was a naked man in his thirties,” Nazarovas said. “As soon as I saw it, I realized this folder should not have been public.”
And it wasn’t just profile pics on display. Private messages, moderation-rejected images, and likely more than a few risqué selfies were all sitting there, ripe for hackers and extortionists. The risk is especially grave for users living in countries hostile to LGBTQ people, where being outed could mean social exile or even legal punishment.
Security Alert, Fashionably Late
M.A.D Mobile was first tipped off about the privacy fiasco back in January—but like a bad first date, they ghosted the situation until a BBC journalist slid into their inbox months later. Only then did the company patch up the gaping vulnerability, issuing a lukewarm thank-you to Nazarovas and promising an app update “in the coming days.” What they didn’t offer: any transparency about why it took months to act, or where their operations are even based.
“There’s no guarantee I was the only one who saw this,” warned Nazarovas, who chose to go public with the flaw before it was fixed, citing concerns that the company wasn’t taking it seriously. “It’s always a difficult decision, but we think the public need to know to protect themselves.”
This isn’t the first time a dating app has mishandled private data—Ashley Madison’s infamous breach in 2015 revealed details of millions. But it hits differently when queer people are involved. For many LGBTQ users, dating apps are one of the few safe spaces to connect, especially in repressive environments. When those safe spaces turn out to be anything but, it’s not just a tech failure—it’s a betrayal.
For the LGBTQ Community, This Isn’t Just About Data
Let’s be real: most people on queer or kink dating apps are already putting themselves out there in vulnerable ways. For their nude photos, sexts, or flirtations to be left exposed because a company couldn’t lock a digital door is beyond careless—it’s dangerous. This breach isn’t just about cybersecurity; it’s about trust, safety, and the right to be private while being proud.
So here’s a message to every app developer out there: LGBTQ people don’t owe you their data, their bodies, or their risk. If you’re going to build spaces for us, secure them like your community depends on it—because it does.