Dating app JCrush potentially exposed the records of around 200,000 users. The app, designed for the Jewish community, left the database open without a password, exposing user data and private messages, said security researchers Noam Rotem and Ran Locar, according to reports. In addition, none of the data was encrypted.
The exposed records included user names, genders, email addresses, IP addresses and geolocation, as well as their cities, states, countries, dates of birth, sexual preferences, religious denominations and photos used on the app. Some users may have also had their Facebook IDs revealed, as well as the access token, which can be used to take over an account without a password. In some instances, the geolocation data was accurate enough to identify where some users lived, especially those in residential areas.
The exposed database contained private messages as well, which were often explicit and graphic.
The app’s Founder Natasha Nova did not respond to a request for comment, but an unnamed spokesperson for JCrush’s parent company, Northsight Capital, said it was “aware” of the situation and “secured the database immediately when the problem occurred.”
“There have not been any indications that the data had been accessed by malicious parties, or misused in any way,” said the company, which added that it will notify its users and law enforcement of the incident.
This is just the latest data exposure of a dating app. Last year, Donald Daters, a dating app for conservative supporters, confirmed a database leak on its first day of operation, exposing the private information of about 1,600 users. In May, Chinese dating app Rela — created for the gay community, and had more than 5 million users — admitted that it left its database open and exposed.