In today’s digital world, privacy is everything—especially for those navigating the often tricky waters of online dating. So, when the “Gay Daddy: 40+ Date & Chat” app, which markets itself as a safe and discreet space for older LGBTQ+ individuals to connect, suffered a massive data breach, it wasn’t just a technical failure—it was a complete breakdown of trust.
On January 7, 2025, the Cybernews research team uncovered a devastating security flaw. The app’s Firebase instance was leaking over 50,000 user profiles and 124,000 private messages. Firebase, a tool used by developers for data storage and real-time features, had no authentication requirements, leaving sensitive data completely exposed. Names, ages, HIV status, locations, photos, and personal messages were all available to anyone with basic technical knowledge.
RELATED: Compton Man Used Dating App To Rob More Than 20 Gay Men
As Aras Nazarovas, a security researcher at Cybernews, put it: “Users expect the app to be discreet, but it is completely the opposite.” The breach was a direct contradiction to the app’s promises of privacy, and for many users, it shattered the illusion of safety. For people in communities where being openly gay can be risky, this leak wasn’t just embarrassing—it was potentially dangerous.
The breach wasn’t limited to just user data. Other sensitive information, such as cloud storage keys and API tokens, were also compromised. Firebase, typically used for temporary storage, should have been periodically purged as it filled up, but an attacker could have lingered, scraping data for years. This means that the damage caused by the breach could be even more extensive than initially realized.
But the story doesn’t end there. The app’s developer, Surendra Kumar, was contacted for comment by Cybernews, but there was no response at the time of writing. This lack of accountability only adds insult to injury for users who trusted the app with their personal information. It’s hard not to feel betrayed when the app that promised to protect your privacy goes silent when you need them most.
Sadly, this isn’t the first time LGBTQ+ apps have suffered such breaches. Other apps like BDSM People, CHICA, TRANSLOVE, and PINK have all faced similar issues, exposing private photos and sensitive data. The repeated nature of these failures highlights a troubling trend in app development, particularly for apps aimed at vulnerable communities.
As Nazarovas emphasized, “Make use of appropriate Firebase security rules to ensure only authorized and authenticated users and services can access the data stored within.” This is not rocket science—stronger encryption, secure authentication, and proper backend infrastructure are the bare minimum when it comes to protecting users’ sensitive information. Developers need to take these steps seriously, especially when dealing with people who are already vulnerable due to social stigmas.
The “Gay Daddy” breach is a painful reminder of how easily trust can be broken. It’s not just about a few exposed profiles or private messages; it’s about a fundamental failure to protect people who need safe spaces online. If this app, and others like it, want to rebuild their reputations, they must learn from this disaster. It’s time for developers to prioritize security, protect user data, and restore the trust they’ve broken—before it’s too late.
Source: Cybernews