How Dating Sites Are Courting Danger with Their Data

Posted on 8 September 2019

When it comes to looking for love online, many of us are careful to guard our hearts – but we might be better placed guarding our data.

Several tech giants in the mobile app dating space have fallen victim to hackers and massive data breaches, exposing their users’ pictures, birthdays, conversations, and even locations to the world. As dating sites struggle to keep data private, is it time for a love lockdown?

Troubling Location Leaks

At a time when data breaches are certainly having their moment in the headlines, dating apps have refused to shy away from the spotlight for all the wrong reasons. In 2019 alone, four popular dating apps suffered major privacy problems, revealing perhaps the most troubling data of all: the precise locations of millions of users.

Cyber security firm Pen Test Partners revealed that Grindr, Romeo, Recon, and 3Fun all had major security issues, especially with regards to their users’ locations. Using information from all of these apps, security experts were able to create maps of user locations across the world by using algorithms based on longitude, latitude, and in some cases, altitude – thereby creating a three-point map of a user’s location.

In theory, this particular kind of breach could be used to impact over 10 million users globally, going beyond a simple privacy issue and into seriously dangerous territory; putting the apps’ user bases at risk.

Grindr, Recon, and Romeo, for instance, all cater to the LGBT+ community, and such a leak could easily spell real danger for users if they live in a country lacking in tolerance. Meanwhile, users in the USA could find themselves outed and jobless if they live in one of the many states that don’t have laws against discriminatory dismissal. Elsewhere, users living in Saudi Arabia or Uganda could see themselves persecuted, imprisoned, or even executed – further highlighting the importance of maintaining user privacy, and the responsibility these apps have to ensure this.

Indecent Exposure

On the other side of the coin, 3Fun users who are concerned about their privacy have a lot more to worry about than just their location being leaked: the group dating app was accused of having the “worst security for any dating app we’ve ever seen,” by Pen Test Partners. The researchers found that 3Fun were storing dates of birth, sexual preferences, pictures, and chat data, with no encryption, password restriction, or other barrier to their 1.5 million user strong database.

Unfortunately, it’s a common occurrence in the dating landscape. Gay dating app Jack’d was recently fined $240,000 for the same issue, when negligence around their security resulted in pictures and personal details being leaked – something they declined to inform their users about for a full year.

Jewish dating app JCrush also failed to adopt adequate security protocols, leaving their database of 200,000 people wide open without a password. This exposed their users’ name, gender, email address, IP address and geolocation, as well as their city, state and country, date of birth, sexual preferences, religious denomination and personal photos. To make matters worse, depending on how the user signed up to JCrush, the records would also reveal the user’s Facebook ID, which points directly to their Facebook profile, undermining personal security efforts.

What’s Love Got to Do with It?

Other niche apps such as CougarDating, ChristiansFinder, Mingler, Coffee Meets Bagel, FWB Dating, and more have recently been exposed as having soft data security protocols. The right-wing conservative dating app Donald Daters accidentally leaked its entire database of users on the day of its launch – and no, that’s not fake news.

In short, it’s become apparent that whilst some dating app users are getting lucky in love, their data is being left wide open for dubious parties to pick up. While dating apps are quick to promise privacy for their users, it seems they’re facing some real commitment issues when it comes to data security.

After courting controversy with these large data breaches, many of these apps and sites are (thankfully) working with cybersecurity experts on tightening up security. With the privacy – and in some cases, safety – of their audience at risk, it’s a relief to know the issue is being taken seriously.

Will it be enough to keep users signed up? We’ll have to see if it’s a case of renewed faith, or once bitten, twice shy. What we do know, is that these dating app data breaches demonstrate quite clearly that any organisation is at risk.

 

Eager to find out more about securing your users’ sensitive information? Feel free to get in touch with our team to talk things through.

A few people we've already done it for
X