Data leak on dating apps: nude photos of 1.5 million users exposed!

Data leak on dating apps: nude photos of 1.5 million users exposed!

On April 2, 2025, the BBC reported a major data breach involving five niche dating apps. This security breach resulted in around 1.5 million private photos being exposed unprotected on the internet for months. The apps affected are BDSM People, Chica, Pink, Translove and Brish, which have an estimated total of 800,000 to 900,000 users worldwide. The published images come from both profiles and private chats, including content that had already been deleted. Security researcher Aras Nazarovas identified the vulnerability in the source code of BDSM People, after which the access credentials to an unprotected storage became publicly available.

What is particularly alarming is that these photos could be used for identification by facial recognition software, which can be life-threatening for many sufferers in countries with a ban on homosexuality. In addition, there are risks related to cybercrime and extortion. M.A.D Mobile, the company behind these apps, was made aware of the issue on January 20, 2025, but only responded after a request from the BBC in late March. An explanation for the delay is still pending. The incident is reminiscent of the data theft at Ashley Madison in 2015 and raises questions about data security in the industry, which has recently come under increasing criticism.

The challenges of dating apps

In broader context, a report from NPR highlights the challenges facing dating app companies like Match Group and Bumble. These companies are not only seeing declining stock prices, but also declining user loyalty. The CEOs of both companies have recently resigned from their positions due to these challenges. While Match Group operates over 45 dating apps, including Tinder, OkCupid and Hinge, a paradoxical development emerges: Although dating apps rely on finding users to be successful, they often lose customers once they enter into a meaningful relationship.

Particular attention is being paid to Hinge, which markets itself as “the dating app designed for dating.” This platform relies on a freemium model where basic features are free while premium features are paid. About a third of Americans who have used dating apps have paid for them, spending about $18 to $19 a month. Due to pressure from investor circles, many providers are trying to convert more free users into paying users. This has led to criticism of the degradation of user experience, a phenomenon known as “enshittification,” which threatens the long-term ability of apps to provide healthy user experiences.

Risks and precautions

In Austria, an estimated 600,000 people use dating apps that enable users to quickly and easily find like-minded people using the swipe principle. There are specific apps for different sexual orientations and religious views. Examples include Tinder, Grindr, and Bumble, all of which offer different user experiences. Nevertheless, it is important to take precautions when using such offers to avoid data misuse and other risks. Sensitive data should be protected and the integrity of apps should be thoroughly checked before use.

An example of such risks can be seen at Grindr, where personal data, including location data and health information, is shared with third parties. In 2021, Grindr received a fine for data protection violations. To protect users, it is recommended to only interact with verified profiles when chatting and avoid transferring money to strangers. In addition, the use of public WiFi networks should be preferred. As a responsible measure, to protect yourself from love scams, users can delete the app if a serious relationship is on the horizon.

Current events and challenges in the dating app industry cast a shadow over the latest developments in online dating platforms. Given the risks and necessary precautions, it remains important for users to be informed of the potential dangers and to actively manage their data security.