www.pride.com
In what's quickly becoming one of the most alarming digital privacy failures of the year, a series of LGBTQ+, fetish, and sugar dating apps have been exposed for leaking troves of sensitive user data, and the worst breach yet might be an app called Gay Daddy.

Touted on the App Store as a private and anonymous space for gay and bisexual men over 40, Gay Daddy: 40+ Date & Chat was found by Cybernews researchers to be leaking over 50,000 user profiles and more than 124,000 private messages, including locations, names, HIV status, relationship details, and explicit photos. The database was so unprotected that anyone with a little technical savvy could snoop through users' most intimate content without restriction.

"Users expect the app to be discreet, but it is completely the opposite," Aras Nazarovas, a Cybernews security researcher, said in the April 2 report.

The leak stemmed from hardcoded credentials in the app's code and a misconfigured Firebase database, a back-end tool developers use to manage things like logins and chat features. Gay Daddy also leaked its cloud storage bucket, authentication keys, and other sensitive endpoints, potentially giving attackers long-term access to its users' data.

The app's developer, Surendra Kumar, did not respond to Cybernews' request for comment, though the leaking database has since been taken offline. Still, the damage may be done, especially for queer users in countries where being gay can mean harassment, arrest, or worse.

"This data leak compromises app users' security, allowing threat actors to read private messages and obtain contact lists and location data," said Nazarovas. "Not only does this expose individuals to cyber threats, but also to risks of financial, psychological, and even physical harm, particularly given the prevailing stigmas surrounding homosexuality in certain countries."

And Gay Daddy wasn't alone.
Cybernews also revealed on April 1 that apps like BDSM People, CHICA, TRANSLOVE, PINK, and BRISH, many owned by a single developer, Mobile Apps Developers Limited (MAD), were all found leaking private user photos due to similarly shoddy coding practices. In total, more than 1.5 million explicit images were exposed, many of which were shared in private chats or used for profile verification.

While none of the leaks directly exposed names or emails, experts warn that open-source intelligence tools like reverse image searches make it possible to identify individuals, raising the risk of blackmail, harassment, and outing.

As Nazarovas put it to Metro, "Images accessed by bad actors could have been used for blackmail and intimidation. Finding out that these images were leaked would likely cause distress, trust issues, as well as other harm to the users' mental health."

With LGBTQ+ users already vulnerable to targeted attacks, the implications of such a sweeping breach are chilling. At a time when queer lives are increasingly politicized and policed, privacy should not be optional.