Jewish Dating App Jcrush Leaves 200,000 Users’ Personal Data Exposed
(JTA) — A security lapse at the JCrush dating application for Jews left sensitive personal data of about 200,000 users exposed.
The breach, rooted in the site’s failure to encrypt its data, gave anyone who knew where to look access to users’ real name, gender, email address, IP address, location, age, sexual preferences and religious denomination, TechCrunch reported Tuesday.
It even allowed access to logged correspondence on the site’s chat platform.
Data security experts Noam Rotem and Ran Locar shared their findings TechCrunch.
Depending on how the user signed up, the records also show the user’s Facebook ID, which points directly to their Facebook profile. It also includes the access token, which can be used to take over a JCrush user’s account without needing their password.
In some cases, the geolocation data was so accurate it was easy to identify exactly where some users lived — especially in residential neighborhoods.
A spokesperson for JCrush’s parent company, Northsight Capital, said it was “aware” of the situation and “secured the database immediately when the problem occurred,” TechCrunch reported.
“There have not been any indications that the data had been accessed by malicious parties or misused in anyway,” said the company.
A message from our CEO & publisher Rachel Fishman Feddersen
I hope you appreciated this article. Before you go, I’d like to ask you to please support the Forward’s award-winning, nonprofit journalism during this critical time.
At a time when other newsrooms are closing or cutting back, the Forward has removed its paywall and invested additional resources to report on the ground from Israel and around the U.S. on the impact of the war, rising antisemitism and polarized discourse.
Readers like you make it all possible. Support our work by becoming a Forward Member and connect with our journalism and your community.
— Rachel Fishman Feddersen, Publisher and CEO