The Jewish dating app JCrush exposed around 200,000 user records due to an unencrypted database, reported TechCrunch, which exclusively obtained the data from security researchers Noam Rotem and Ran Locar. The records consisted of user names and their information, including, but not limited to, gender, date of birth, IP address, religious affiliation, email address and sexual identification, in addition to photos on the app.
“Depending on how the user signed up, the records also show the user’s Facebook ID, which points directly to their Facebook profile,” reported TechCrunch. “It also includes the access token, which can be used to take over a JCrush user’s account without needing their password.”
“In some cases, the geolocation data was so accurate it was easy to identify exactly where some users lived, especially in residential neighborhoods,” added the outlet.
A spokesperson for Northsight Capital, JCrush’s parent company, told TechCrunch that it is “aware” of the breach and “secured the database immediately when the problem occurred.”
“There have not been any indications that the data had been accessed by malicious parties or misused in any way,” said the spokesperson.