The bad news just keeps coming for Jack’d users…
Earlier this week, The Register reported that, due to a major security flaw, x-rated pics and videos privately shared between users on the popular hookup app have been publicly available to view online for the past three months.
The security breach was first discovered by Oliver Hough, who now says he actually reported it to Jack’d a year ago, not three months ago, as originally reported.
That’s right, folks. All your most scandalous pics and videos have been publicly accessible for at least a year. Maybe longer. That’s just when Hough discovered the flaw and alerted developers, who did nothing to remedy the situation.
How about we take this to the next level?
Our newsletter is like a refreshing cocktail (or mocktail) of LGBTQ+ entertainment and pop culture, served up with a side of eye-candy.
Hough tells Out that he first discovered the bug while investigating several different dating apps to see how they work. Specifically, he wanted to know how information was shared between the app and the servers where data was stored.
It didn’t take long for him to notice that the way Jack’d stored their photos, both public and private, allowed for anyone, regardless of whether they had a Jack’d profile, to access them.
Hough emailed the company about the flaw in February 2018. He received a response saying they’d “look into it.” He kept an eye on the flaw and says nothing was ever fixed. When he reached out to Jack’d again, they stopped responding.
It wasn’t until after The Register published its story this week that Mark Girolamo, CEO of Jack’d parent firm Online Buddies, issued a short statement, saying: “Our tech team is aware of the photo vulnerability and has already programmed the changes for this fix. They will deploy the fix tomorrow, February 7.”
But Hough says Jack’d waited way too long to address the problem, allowing for millions of private photos and videos to be accessed without users’ knowledge or consent.
“I don’t feel they were quick enough to respond and I believe they only rushed to get it fixed after they knew the story was going to be published,” he tells Out. “I’m glad they have rolled out a fix, though it took too long to get here.”
But it gets worse.
According to Ars Technica, the problem extended beyond just leaking people’s private pics and videos.
The app also exposed their locations and other information that could potentially expose a person’s identity. This is particularly concerning for users who live in places where homosexuality is illegal.
Both Hough and Ars Technica have confirmed that the flaw appears to be corrected; however, Hough says he plans to continue testing to ensure there are no other ways around the fix.
In the meantime, we’ll definitely be staying off Jack’d for a while.
Related: Jack’d users just got jacked! All your private pics and videos are available to view online
PLAYS WELL WITH OTHERS
All these apps suk!! I recently decided to give Tinder a try…..I did some swiping and was notified I have 14 likes, however in order to see the guys who liked me I have to upgrade to a premium for pay version.
If I like a service, I have no prob paying for it. To hold likes hostage before trying out the service is absolutely bullthit!!
Greg
Isn’t Tinder for straight people? Are you female?
djmcgamester
@Greg Tinder is for anyone. There was a time when it was an alternative to Grindr for straight people but that’s no longer the case.
Bob LaBlah
I look at it the same what the owner of Jack’d did. Why spend tens, perhaps hundreds of thousand of dollars fixing a security breach on a site where people could care less who saw the pics/vids that THEY posted of naked rear ends or bragging about the sex acts they are more than willing to perform as long as they thought those things were limited to just the people who were on the site. Nothing is private anymore and you do so at your own risk. With hundreds of thousand of people on these hookup sites I ask again, who cares? Over half of those pics are not of the person who posted them anyway. I don’t blame Jack’d at all. If your that paranoid about people learning your that your so desperate for attention you’ve become an more or less public exhibitionist then simply don’t post the pic/vid and stay off of those sites.
Greg
It’s “couldn’t care less”. If a person could care less, that means they do care. Like if you could care less about what I am telling you. That means you care, but you could care less. If you couldn’t care less, that means you are the lowest point of caring. You can’t go any less.
I’m not even going to get into “your” and “you’re”.
Bob LaBlah
Thank you, Miss Manners, I stand corrected. I swear if I didn’t know better I’d say your in competition with ol’ Mo Bro for aliases. And by the way, I am NOT accusing YOU of being him either, copycat.