"Gay Daddy" dating App leaks data of 50,000 User profiles and private messages
Learn More
A major leak has been discovered in the "Gay Daddy: 40+ Date & Chat" dating app, exposing sensitive personal information of approximately 50,000 users. On January 7, 2025 the Cybernews research team, found that the app's Firebase database was completely unprotected and accessible to anyone with basic technical knowledge.
The breach occurred due to multiple critical security failures. The app's Firebase instance, which stored user data, was left without proper authentication requirements. Additionally, researchers discovered that credentials needed to access the database were hardcoded directly into the app's publicly available code, making it trivial for anyone examining the app to access all user information.
Exposed data includes:
- Full names
- Ages
- HIV status
- Relationship status
- Location data
- Private messages (over 124,000)
- Personal photos (many explicit)
The consequences of this breach are particularly severe given the sensitive nature of the app. Users in countries where homosexuality is stigmatized or illegal could face serious repercussions, including blackmail, exploitation, harassment, and even physical harm. The exposure of HIV status adds another layer of potential discrimination and harm.
Following responsible disclosure by Cybernews, the leaking database has been secured. It's unclear whether malicious actors accessed the data before it was protected. The app developer has not responded to requests for comment.
