Dating-slash-hook-up app Jack’d is exposing to the public internet intimate snaps privately swapped between its users, allowing miscreants to download countless X-rated selfies without permission.
The phone application, installed more than 110,000 times on Android devices and also available for iOS, lets primarily gay and bi men chat each other up, exchange private and public pics, and arrange to meet.
Those photos, public and private, can be accessed by anyone with a web browser and who knows just where to look, though, it appears. As there is no authentication, no need to sign up to the app, and no limits in place, miscreants can therefore download the entire image database for further havoc and potential blackmail.
You may well want to delete your images until this issue is fixed.
We’re told the developers of the application were warned of the security vulnerability three months ago, and yet no fix has been made. We’ve repeatedly tried to contact the programmers to no avail. In the interests of alerting Jack’d users to the fact their highly NSFW pictures are facing the public internet, we’re publishing this story today, although we are withholding details of the flaw to discourage exploitation.