Gay Daddy: 40+ Date & Chat app busted leaking private X-rated photos and HIV status in privacy scandal
A racy gay dating app for over-40s — which prides itself on locating “sugar gay men nearby” and promises privacy — has been caught spilling nude photos, steamy chats and HIV status.
A raunchy gay dating app catering to men over 40 — which promises users a “private and anonymous community” and the chance to meet “sugar gay men nearby” — has been leaking X-rated photos, explicit messages and users’ HIV status.
Gay Daddy: 40+ Date & Chat has exposed more than 50,000 user profiles and 124,000 private messages including HIV status, location and thousands of private and explicit images, Cybernews research has found.
Ethical hackers discovered a major coding blunder in the app’s back-end that made it easy for anyone with basic tech skills to exploit the trove of deeply personal content.
Cybernews lead researcher Aras Nazarovas slammed the leak as a “textbook case of how poor security practices can put real people at risk.”
“For an app promising anonymity, it’s shocking to see how easily a user’s private conversations, personal details, and even location data could be accessed,” he said.
Mr Nazarovas said such leaks could make users a target for scammers, blackmailers, or even physical attacks, particularly in regions where LGBTQ+ communities face persecution.
“This leak is worrying as most contain very sensitive, personal material … very easily accessible in one place it would have been very tempting for malicious actors,” he said.
“There are already black market marketplaces for such imagery providing a profit incentive for malicious actors and allowing these images to be more widely spread.”
The app’s API keys and cloud storage credentials were also compromised, making further exploitation even easier.
In Gay Daddy’s privacy policy published online, the app developer Surendra Kumar states that “no method of transmission over the internet, or method of electronic storage is 100% secure and reliable, and I cannot guarantee its absolute security”.
Mr Kumar was contacted for comment.
Last week, the Herald Sun revealed explicit apps BDSM People, CHICA, TRANSLOVE, PINK, and BRISH exposed 1.5 million private photos — including explicit images.
The apps — developed by UK-based M. A. D Mobile Apps Developers Limited — allowed unauthorised access to storage buckets containing highly sensitive content through a coding flaw, putting users at risk of extortion and social engineering attacks.
Monash University cybersecurity lecturer Nigel Phair said breaches on explicit hook-up apps were particularly dangerous due to the stigma and personal risk involved.