A security lapse at dating app Raw publicly exposed the personal data and private location data of its users, TechCrunch has found.
The exposed data included users’ display names, dates of birth, dating and sexual preferences associated with the Raw app, as well as users’ locations. Some of the location data included coordinates that were specific enough to locate Raw app users with street-level accuracy. Raw, which launched in 2023, is a dating app that claims to offer more genuine interactions with others in part by asking users to upload daily selfie photos. The company does not disclose how many users it has, but its app listing on the Google Play Store notes more than 500,000 Android downloads to date.
Read more…
Source: TechCrunch News
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- What Does an Internal Attack Resulting in a Data Breach Look Like in Today’s Threat Landscape?
February 3, 2022
A common scenario is one in which an attacker gains access to an internal network via a compromised workstation that has been infected with malware, invariably via a social engineering email attack. No enterprise is immune to this type of insider attack. We all, at some point, took the bait and clicked unsolicited links masquerading ...
- Telco fined €9 million for hiding cyberattack impact from customers
February 1, 2022
The Greek data protection authority has imposed fines of 5,850,000 EUR ($6.55 million) to COSMOTE and 3,250,000 EUR ($3.65 million) to OTE, for leaking sensitive customer communication due to a cyberattack. As the agency says in an announcement, COSMOTE infringed at least eight articles of the GDPR, including violating its duty to inform affected customers of ...
- Red Cross Begs Attackers Not to Leak 515K People’s Stolen Data
January 20, 2022
The Red Cross is imploring threat actors to show mercy by abstaining from leaking data belonging to 515,000+ “highly vulnerable” people that were stolen from a program used to reunite family members split apart by war, disaster or migration. “While we don’t know who is responsible for this attack, or why they carried it out, we ...
- Former DHS official charged with stealing govt employees’ PII
January 14, 2022
A former Department of Homeland Security acting inspector general pleaded guilty today to stealing confidential and proprietary software and sensitive databases from the US government containing employees’ personal identifying information (PII). 61-year-old Charles Kumar Edwards coordinated the scheme while working for DHS-OIG (Department of Homeland Security, Office of Inspector General) as an employee and acting IG ...
- California town announces data breach involving police department, loan provider
January 10, 2022
Grass Valley, California has announced an extensive data breach involving the Social Security numbers and more of all city employees and vendors — as well as anyone who had their information given to the local police department. The city said in a notice that Social Security numbers, driver’s license numbers, and health insurance information was leaked ...
- FlexBooker apologizes for breach of 3.7 million user records, partial credit card information
January 7, 2022
Scheduling platform FlexBooker apologized this week for a data breach that involved the sensitive information of 3.7 million users. In a statement, the company told ZDNet a portion of its customer database had been breached after its AWS servers were compromised on December 23. FlexBooker said their “system data storage was also accessed and downloaded” as ...