Ben
There should be few people left in the world who believe that information uploaded to a website, forum, dating service or any other app will remain private. And yet people continue to upload every waking second of their lives to one network or another.
In the past, we’ve seen instances of dating sites being hacked, data leaking out by accident, way too many unsecured Amazon S3 buckets, chastity cages that can be locked by hackers, and then, of course, there was the massive Ashley Madison hack a few years ago.
In the most recent instance of ‘oh god, do I have an account there?‘, security researchers at vpnMentor have disclosed a now-patched vulnerability in the now-defunct x-rated social media app Fleek.
Launched in 2015 as a debauched rival to Snapchat, Fleek had no rules, and no moderation of content. Combine this with a target audience of college students, and you end up with photo sharing app that has all kinds of images, no matter how explicit or illegal the actions of the users may be. It closed in 2019, but user data wasn’t deleted.
You can probably see where this is going.
Fast-forward to 2021, and vpnMentor says that those images were all left in an unsecured S3 bucket, available for anyone to access. The gaping hole was discovered in October 2020, and fixed one week after being informed about the issue, despite the app having gone offline in 2019.
“During our investigation, we reviewed many images of users engaging in embarrassing and illegal activities and sharing sexually explicit photos of themselves. Many of these were shared in folders given offensive and derogatory names like ‘asianAss’ by the app’s developers,” vpnMentor says.
As an additional unfortunate outcome for the developers of the app, while uncovering the user images, vpnMentor also discovered that the company appeared to be using fake user accounts to entice users (men) into paying for a private chat room with other users.
“The S3 bucket contained both the fake accounts’ images and examples of automated text message scripts sent by the bot accounts,” vpnMentor adds.
While it’s undoubtedly the responsibility of the company providing the service to secure user data, and putting aside potential legal ramifications for Fleek’s owners aside, what can be learnt from this latest security vulnerability by users of dating and social apps?
Stop uploading and sharing all the things that are going to make you embarrassed, at best, or ruin your future in some way, at worst. Start from the presumption that every network you use will eventually be compromised, and you’ll probably be on the right track.
Read Next: Ultimate Browsing Privacy Guide
