Jewish Dating App Jcrush Leaves 200,000 Users’ Personal Data Exposed
Image by tommaso79/iStock
(JTA) — A security lapse at the JCrush dating application for Jews left sensitive personal data of about 200,000 users exposed.
The breach, rooted in the site’s failure to encrypt its data, gave anyone who knew where to look access to users’ real name, gender, email address, IP address, location, age, sexual preferences and religious denomination, TechCrunch reported Tuesday.
It even allowed access to logged correspondence on the site’s chat platform.
Data security experts Noam Rotem and Ran Locar shared their findings TechCrunch.
Depending on how the user signed up, the records also show the user’s Facebook ID, which points directly to their Facebook profile. It also includes the access token, which can be used to take over a JCrush user’s account without needing their password.
In some cases, the geolocation data was so accurate it was easy to identify exactly where some users lived — especially in residential neighborhoods.
A spokesperson for JCrush’s parent company, Northsight Capital, said it was “aware” of the situation and “secured the database immediately when the problem occurred,” TechCrunch reported.
“There have not been any indications that the data had been accessed by malicious parties or misused in anyway,” said the company.
A message from our editor-in-chief Jodi Rudoren
We're building on 127 years of independent journalism to help you develop deeper connections to what it means to be Jewish today.
With so much at stake for the Jewish people right now — war, rising antisemitism, a high-stakes U.S. presidential election — American Jews depend on the Forward's perspective, integrity and courage.
— Jodi Rudoren, Editor-in-Chief
