(JTA) – A security lapse at the JCrush dating application for Jews left sensitive personal data of about 200,000 users exposed. The breach, rooted in the site’s failure to encrypt its data, gave anyone who knew where to look access to users’ real name, gender, email address, IP address, location, age, sexual preferences and religious denomination, TechCrunch reported Tuesday, June 11. It even allowed access to logged correspondence on the site’s chat platform. Data security experts Noam Rotem and Ran Locar shared their findings TechCrunch. Depending on how the user signed up, the records also show the user’s Facebook ID, which points directly to their Facebook profile. It also includes the access token, which can be used to take over a JCrush user’s account without needing their password. In some cases, the geolocation data was so accurate it was easy to identify exactly where some users lived – especially in residential neighborhoods.
A spokesperson for JCrush’s parent company, Northsight Capital, said it was “aware” of the situation and “secured the database immediately when the problem occurred,” TechCrunch reported. “There have not been any indications that the data had been accessed by malicious parties or misused in anyway,” said the company.