The “JCrush” Dating App Has Exposed All User Data, Even Messages

Last updated September 25, 2021
Written by:
Bill Toulas
Bill Toulas
Infosec Writer

The “JCrush” dating app created by “Crush Mobile” has exposed over 200,000 of its users, leaking out personally identifiable information, preferences, and even the private conversations they had on the platform. The discovery of the data, which is about 18.45 GB in size, came from Noam Rotem and Ran Locar, who immediately contacted the owner on May 31, 2019.

Crush Mobile secured the data on the same day, although they failed to respond to the researchers and explain what happened or if they’re planning to inform their userbase.

data_nudity

Source: VPNMentor

The information that the researchers found in the exposed Mongo database includes the following details:

private messages

Source: VPNMentor

Considering that the above constitutes a data treasure in the hands of anyone willing to exploit the set, the researchers dug deeper to find particularly sensitive users. Indeed, they found government employees from various countries, including some employed by the US National Institute of Health, US Veterans Affairs, the Brazilian Ministry of Labor and Employment, the UK’s cultural department, Israel’s Justice Department, and many more.

Moreover, the researchers found that some of the entries they looked into may point to users who paid a premium to hide behind a special “incognito mode,” offered by JCrush as an option for those who want to hide their real identities. The only positive aspect of this data discovery is that 200,000 is only a fraction of JCrush’s userbase, so not every user of the app has been exposed by this security incident.

Read More:



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: