Dating app users of Feeld, a platform tailored for alternative relationship preferences, face potential privacy risks after cybersecurity specialists uncovered several vulnerabilities. These security gaps could allow unauthorized access to messages, intimate photos, and details of users' sexuality, sparking concerns about data safety.

A Growing Concern

Feeld, a UK-registered app, has recently reported significant financial growth, praising its diverse user base comprising non-monogamous, queer, and kink-friendly individuals. However, alongside financial success, a British cybersecurity firm discovered critical weaknesses in Feeld's security earlier this year, prompting urgent corrective measures from the app.

Vulnerabilities Identified

The discoveries were made through "pentesting", a security assessment practice used to identify exploitative vulnerabilities. Researchers revealed that it was possible to access chat messages, attachments, and even modify user profiles. Furthermore, issues such as recovering deleted chats and viewing time-limited explicit content indefinitely were shown to be feasible with merely a user's "stream user ID."

Security Measures and Response

In response, Feeld addressed and resolved the vulnerabilities within two months. Despite closing off these gaps, the company chose not to disclose the issues publicly, considering it a strategic move to prevent attracting "bad actors."

Adrian Tiron from Fortbridge, the cybersecurity firm responsible for the findings, highlighted that while these were not the most intricate bugs, their potential impact was significant due to Feeld’s extensive user base. Ensuring user security, he emphasized the necessity for more stringent action beyond verbal commitments by companies.

Legal and Ethical Implications

Legal expert Alex Lawrence-Archer pointed out potential consequences for Feeld, citing data protection laws if sensitive user data was proven accessible. Additionally, there are fears over the potential outing of LGBTQ+ users in regions where such identities face legal challenges.

The UK's Information Commissioner's Office (ICO) has yet to receive a formal data breach report from Feeld. According to Feeld, no evidence has indicated unauthorized data access. Nonetheless, the potential for regulatory investigation looms if proven that user data had been compromised.

As the platform continues to prioritize user security, Feeld has expressed its commitment to ongoing collaborations with cybersecurity experts to strengthen its systems further, ensuring a more secure experience for its community.

This insight into the Feeld app's recent challenges was brought to light through a report by The Guardian.