Two white hat hackers have uncovered major security flaws at Jewish dating app JCrush. The business had been leaving its database and user records exposed.
Noam Rotem and Ran Locar shared their findings with TechCrunch, and contacted the owners of JCrush to ensure the deficiencies were fixed before any malicious attacks could take place.
A spokesperson for JCrush said the database was secured as soon as they were made aware of the situation. They also assured users that there is no evidence that the information had been misused.
Data from approximately 200,000 members was unencrypted and vulnerable. This included personal information, such as names, genders and email addresses. Further, messages and pictures exchanged privately between singles were visible.
IP addresses and geolocations were also easily accessible, which could have left users open to potential anti-semitic hate crimes.
Last year, a third-party app displayed the exact location of Grindr users, putting those in countries where LGBTQ discrimination is prominent in serious danger.
If any members had signed up to JCrush using their Facebook profile, a hacker would have been able to obtain their access token. With that token, the hacker could have accessed the member's dating profile without needing a password.
This is the same technique that was used in October to compromise 50 million Facebook accounts, leaving multiple dating platforms susceptible to attacks. Tinder found that none of its users’ accounts were breached.