50K users exposed in "Gay Daddy" iOS app security lapse, research finds

April 2025 by CyberNews

Last week, you received our findings on the security weaknesses in popular iOS dating apps such as BDSM People and PINK. Today, we’re bringing your attention to another shocking discovery: a serious security flaw in the app Gay Daddy: 40+ Date & Chat that directly threatens the privacy and safety of its users.

Cybernews researchers uncovered that the app is leaking over 50,000 user profiles and 124,000 private messages, exposing sensitive data such as names, ages, relationship status, HIV status, location data, and even private photos – everything from awkward selfies to, well, let’s just say, less-than-innocent "self-expressions."

Why? Hardcoded credentials and misconfigured Firebase security left the app’s backend wide open to anyone with basic technical knowledge. While the app markets itself as a “private and anonymous community,” the reality was anything but secure.

The app’s API keys and cloud storage credentials were also leaked, which makes exploitation even easier.

The app has an estimated 20,000+ downloads and a 3.7-star rating on the App Store in the US.

Due to this flaw, users could be targeted by scammers, blackmailers, or even face physical harm, especially in regions where LGBTQ+ individuals face discrimination.

“This is a textbook case of how poor security practices can put real people at risk,” said Aras Nazarovas, lead researcher at Cybernews. “For an app promising anonymity, it’s shocking to see how easily a user’s private conversations, personal details, and even location data could be accessed.”