Make of Gay dating app Jack’d has been fined $240,000 after the company failed to respond to a vulnerability that leaked the users’ private photos online for more than a year.
According to the officials in New York, the company behind the app, Online Buddies, Inc. failed to take measures after widespread press coverage about data leak back in February. As a result, the Office of New York Attorney General Letitia James has imposed the fine. According to the officials, the company will be required to make substantial changes in order to improve the app’s security.
Earlier this year, several tech news sites ran stories about a security researcher’s findings on an AWS S3 server which contained images that didn’t require any password or any other security measures to access and share. The researcher eventually tracked the images back to the company in question. Although the researcher notified the company, it acknowledged the problem but didn’t implement any changes to solve the issues which were causing the leaks.
As a result, the officials have now fined the company for its disregard for privacy of its users.
“During the period that Online Buddies knew about the vulnerabilities but had not yet fixed them, the company also failed to implement any stopgap protections, establish logging to detect any unauthorized access, warn Jack’d users, or change representations about the privacy of their private photos and the security of their personally identifiable information.”