Popular gay hookup and dating app Jack’d is facing scrutiny after a security glitch exposed millions of private photos.
Users of the app, which has been downloaded more than five million times on the Google Play app store, can upload photos, which they can share discreetly with select matches.
However, mortified users got the shock of their lives when they learned that their private photos were available to anyone with access to the internet.
Researcher Oliver Hough discovered the flaw in the system, which saw all photos — both private and public — being uploaded on the same online server.
He explained to BBC News that the app is meant to let members add “private” photos to their profile, which should only be visible to specific people they decide the share them with.
But that’s not all. Tech blog Ars Technica discovered that Jack’d was also exposing location data about users.
The app’s CEO, Mark Girolamo, said that they’re currently working to fix the problem, but as of Thursday, users’ private photos were still available to the public.
The app’s glitch has drawn massive scrutiny on social media, with some people saying that the security breach has even compromised the safety of users who are closeted in countries that are not LGBT-friendly.
“They acknowledged my report but then just went silent and did nothing,” Hough told BBC News.
“A journalist contacted them in November and they did the same.”