An India-based dating app with a multi-million-dollar valuation recently suffered a critical security flaw that may have exposed users’ private chat images and allowed hackers to impersonate other users, according to ethical hacker Nisarga Adhikary, who discovered the vulnerability.
Speaking exclusively to Times Now Tech, Adhikary, who exposed vulnerabilities in the Central Board of Secondary Education (CBSE)’s On-Screen Marking (OSM) system, said the flaw was “very critical and severe” because it exposed all user images and sensitive infrastructure credentials.
“This was a very critical and severe vulnerability as it was leaking all user images and we also had keys which put us in a position where we could impersonate other users,” he added.
The ethical hacker recently shared details of the discovery on X and revealed that he had gained access to the dating app’s Amazon S3 buckets, users’ media files, signing keys, private keys and other sensitive infrastructure secrets.
However, he has not publicly disclosed the name of the app.
“I’ve been asked to not mention the name of the dating app by their team and I don’t want to cause any harm to them,” he told Times Now.
When asked whether the company had responded after he reported the issue, Adhikary confirmed that its Chief Technology Officer acknowledged the report and began working on a fix.
“Yes, their CTO responded saying that they are working to patch the vulnerabilities after my tweet,” he said.
Adhikary also confirmed that private chat images and other user data were directly accessible because of the security flaw.
Sharing advise for users, Adhikary urged people to avoid uploading highly sensitive content on dating platforms.
“The best way to protect yourself is to not share critical or sensitive information or images on apps like these. Always use end-to-end encrypted apps like Signal for that,” he said.
At present, there is no evidence that anyone misused the vulnerability before it was reported. However, this incident shows how security flaws in apps that store personal information can put users at risk.


