Jewish Dating App Jcrush Leaves 200,000 Users’ Personal Data Exposed
(JTA) — A security lapse at the JCrush dating application for Jews left sensitive personal data of about 200,000 users exposed.
The breach, rooted in the site’s failure to encrypt its data, gave anyone who knew where to look access to users’ real name, gender, email address, IP address, location, age, sexual preferences and religious denomination, TechCrunch reported Tuesday.
It even allowed access to logged correspondence on the site’s chat platform.
Data security experts Noam Rotem and Ran Locar shared their findings TechCrunch.
Depending on how the user signed up, the records also show the user’s Facebook ID, which points directly to their Facebook profile. It also includes the access token, which can be used to take over a JCrush user’s account without needing their password.
In some cases, the geolocation data was so accurate it was easy to identify exactly where some users lived — especially in residential neighborhoods.
A spokesperson for JCrush’s parent company, Northsight Capital, said it was “aware” of the situation and “secured the database immediately when the problem occurred,” TechCrunch reported.
“There have not been any indications that the data had been accessed by malicious parties or misused in anyway,” said the company.
A message from our Publisher & CEO Rachel Fishman Feddersen
I hope you appreciated this article. Before you go, I’d like to ask you to please support the Forward’s award-winning, nonprofit journalism during this critical time.
We’ve set a goal to raise $260,000 by December 31. That’s an ambitious goal, but one that will give us the resources we need to invest in the high quality news, opinion, analysis and cultural coverage that isn’t available anywhere else.
If you feel inspired to make an impact, now is the time to give something back. Join us as a member at your most generous level.
— Rachel Fishman Feddersen, Publisher and CEO