Jack’d users just got jacked.
According to The Register, due to a major security flaw, x-rated photos, videos, and chats privately shared between users on the app are available to view by anyone online. Not just that, but they can be seen without logging in or installing the app.
The Register reports:
Those photos, public and private, can be accessed by anyone with a web browser and who knows just where to look, though, it appears. As there is no authentication, no need to sign up to the app, and no limits in place, miscreants can therefore download the entire image database for further havoc and potential blackmail.
The security breach was first discovered by Oliver Hough, who says he reported it to Jack’d three months ago. So far, he says, nothing has been done to fix it.
Editors at The Register say they’ve verified the flaw but they’ve chosen to withhold specific details “to discourage exploitation”. They also say repeated requests to Jack’d, as well as its parent company Online Buddies, for comment have been ignored.
Obviously, having the private images of users accessible to the whole world is not an intended function of the app. Apart from leaking highly compromising snaps of folks, some of its users may not be publicly out as gay or bi, and thus a trove of compromising images of them sitting on the web is not particularly great for their welfare – particularly if homosexuality is illegal where they live.
So that’s all pretty terrible; however, there’s one teeny tiny tidbit of good news. According to Hough, there doesn’t appear to be any way to connect x-rated photos and videos to a specific person’s profile.
In other words: Your nudie pics may be floating around on the internet, but at least your name’s not attached to them.