Chinese Social Network Platform Leaked Sensitive User Media

• An Amazon bucket containing sensitive user image files and videos has been left to public access configuration.
• Some of the users only had their faces exposed, as there were no other details in the bucket.
• Amazon secured the instance after 48 hours, but the risk of extortion and cyber-bullying is still there.

People share all kinds of stuff on social media as they engage with other users on a wide range of communications. Sexting is part of this interaction between the users, especially during these times of self-isolation, so having NSFW media fly around on social media isn’t unheard of.

The complications arise only when this media is leaked beyond its intended recipient. One of the sure ways to make this happen is via a security lapse on the platform itself.

The investigators of CyberNews have discovered such a case potentially involving the social media platform “LimitChat,” owned by a Beijing-based company. What the team discovered was an unsecured Amazon bucket containing the following NSFW media:

• 83,016 images
• 4,932 videos
• 43,369 audio clips
• 899 gifs

The bucket only contains media files, so there are no names, usernames, email addresses, or any other information that points to the identity of specific people. The bucket’s ownership was assumed based on its name, so the attribution isn’t 100% confident. The researchers discovered the bucket at the start of the month, contacted Amazon, and confirmed that it was secured about 48 hours later.

While most of the images don’t show people’s faces, many are, which could introduce risks of cyber-bullying or extortion for the victims. These are very sensitive media that were not meant to become widely available, as the implications of such an event would be dire. It is certainly a betrayal of user trust, but users themselves should know better.

When you’re using smaller social media platforms that don’t employ many people and thus have limited resources to allocate in securing user data, try not to overexpose yourself. Also, do not reveal your real identity through these platforms in any way, especially when looking to engage in sexting.

Preferably, share NSFW media through platforms that feature end-to-end encryption, don’t store your messages or shared files on any servers, and generally respect user privacy. Signal, Telegram, Threema, and Keybase are all great choices for this purpose. When you meet someone on a social media platform and want to take things further, do it in a safer space.