Fleek leak: Stop putting the most stupid stuff you do online. Seriously.

1
Fleek user images leaked

There should be few people left in the world who believe that information uploaded to a website, forum, dating service or any other app will remain private. And yet people continue to upload every waking second of their lives to one network or another.

In the past, we’ve seen instances of dating sites being hacked, data leaking out by accident, way too many unsecured Amazon S3 buckets, chastity cages that can be locked by hackers, and then, of course, there was the massive Ashley Madison hack a few years ago.

In the most recent instance of ‘oh god, do I have an account there?‘, security researchers at vpnMentor have disclosed a now-patched vulnerability in the now-defunct x-rated social media app Fleek.

Launched in 2015 as a debauched rival to Snapchat, Fleek had no rules, and no moderation of content. Combine this with a target audience of college students, and you end up with photo sharing app that has all kinds of images, no matter how explicit or illegal the actions of the users may be. It closed in 2019, but user data wasn’t deleted.

You can probably see where this is going.

Fast-forward to 2021, and vpnMentor says that those images were all left in an unsecured S3 bucket, available for anyone to access. The gaping hole was discovered in October 2020, and fixed one week after being informed about the issue, despite the app having gone offline in 2019.

Some of the user images uploaded to Fleek, discovered by vpnMentor in an unsecured data store.

“During our investigation, we reviewed many images of users engaging in embarrassing and illegal activities and sharing sexually explicit photos of themselves. Many of these were shared in folders given offensive and derogatory names like ‘asianAss’ by the app’s developers,” vpnMentor says.

As an additional unfortunate outcome for the developers of the app, while uncovering the user images, vpnMentor also discovered that the company appeared to be using fake user accounts to entice users (men) into paying for a private chat room with other users.

“The S3 bucket contained both the fake accounts’ images and examples of automated text message scripts sent by the bot accounts,” vpnMentor adds.

While it’s undoubtedly the responsibility of the company providing the service to secure user data, and putting aside potential legal ramifications for Fleek’s owners aside, what can be learnt from this latest security vulnerability by users of dating and social apps?

Stop uploading and sharing all the things that are going to make you embarrassed, at best, or ruin your future in some way, at worst. Start from the presumption that every network you use will eventually be compromised, and you’ll probably be on the right track.

Read Next: Ultimate Browsing Privacy Guide

Affiliate Disclosure
Some articles contain affiliate links that allow us to earn money if you decide to purchase any of these products or services. This does not cost you any extra money, and it allows us to continue to run this website. Affiliate links have no relation to review ratings or other editorial coverage. You can read the full policy here.

Ben

Ben

I started this site and keep it running. Tech. Sex. The future. SEXTECHGUIDE is a place to look a bit closer at that the place where those things meet. My regular work is currently found on WIRED, TrustedReviews, The Inquirer, V3, The Next Web and many more sites. I'm available to hire, or for media consultation/training for startups. If you want to get in contact, shoot an email to [email protected]

Leave a Reply

Sending

SEXTECHGUIDE
Logo