Gay dating app Jack’d will pay almost a quarter of a million dollars after the app publicly exposed members’ private nudes.
Millions of private photos were leaked online, with anyone – even those without a Jack’d account – having access.
Jack’d allows members to add “private” photos to their profile that are only visible to specific users that the member chooses. However, a researcher found that all the photos uploaded to an open web server.
According to BBC, Online Buddies, which owns the app, was warned about the bug by cyber-security researcher Oliver Hough in February 2018 but failed to implement a fix until February 2019.
“They acknowledged my report but then just went silent and did nothing,” Hough said. “A journalist contacted them in November, and they did the same.”
“The app put users’ sensitive information and private photos at risk of exposure and the company didn’t do anything about it for a full year just so they could continue to make a profit,” said New York Attorney General Letitia James.
James came to a settlement with Online Buddies which requires them to pay $240,000 to New York state and implement a “comprehensive security program.”