Coffee Meets Bagel has suffered a security breach after it inadvertently sent a user the wrong person’s data.
The mistake came after a writer for Engadget submitted a personal data request, but then received the information for a man called ‘Jon’ (real name redacted) from New York. This revealed Jon’s home address, birthday, e-mail address, ethnicity, sexuality, occupation and much more.
His in-app activity was disclosed as well, such as who he had matched with and whether or not they’d engaged in a conversation.
The mistake was put down to human error. An employee had incorrectly entered the internal user ID into the automated data-retrieval tool, and failed to double check.
Jon told Engadget: “I think it’s a major invasion of privacy, but I can see how these mistakes happen. Coffee Meets Bagel should be held accountable, but ultimately it’s up to me to be more selective with where I share my data voluntarily.”
Coffee Meets Bagel CEO Arum Kang explained to Engadget: “It’s definitely a really good learning opportunity for us. Honestly if you hadn’t brought it up we wouldn’t have caught it.”
The company has since gone back and reviewed every other data request to ensure that a similar incident hasn’t happened before.
It has also changed the request process by adding a stage where a second employee checks the personal files before they are sent out.
Coffee Meets Bagel is based in California, a state which is set to introduce tough data privacy laws in the year 2020.
Read more here.