Jack'd gay dating app exposes private photos
In February 2019, publicity led the gay dating app Jack'd, which claimed to have more than 5 million users and was ranked among the top four gay social apps on both Apple and Android, to close a security flaw that meant that photos users uploaded to share in private chat sessions were accessible to the open web via the app's Amazon Web Services S3 bucket. Location and other metadata about users was also accessible. The company had been told of the security flaw a year earlier by researcher Oliver Hough, and again three months earlier by Ars Technica.
Writer: Sean Gallagher
Publication: Ars Technica