Users' Secrets Laid Bare!

In a startling revelation, TechCrunch has uncovered a serious security breach at the dating app Raw, jeopardizing the personal information and real-time location data of its users. This shocking lapse has put thousands at risk, with their display names, birth dates, and even intimate preferences laid bare for all to see.

What’s at Stake?

The data leak has exposed exact coordinates of users, pinpointing locations with street-level accuracy. Launched just this year, Raw claims to foster genuine connections through daily selfie uploads, yet this breach raises urgent questions about user safety.

Despite boasting over 500,000 downloads on Android, Raw's security measures appear significantly flawed. As the company looks to expand with its controversial Raw Ring wearable device, which tracks heart rates and other biometrics to supposedly detect infidelity, users are left questioning the platform's integrity.

Promises of Privacy Broken?

Raw has claimed that both the app and the Raw Ring utilize end-to-end encryption, supposedly safeguarding user data from prying eyes, including those of the company itself. However, upon investigation, TechCrunch found no evidence of such encryption. Instead, user data was being freely accessible to anyone with a web browser, undermining these lofty promises.

Quick Response to Crisis

Following TechCrunch’s inquiries, Raw swiftly fixed the security gap within hours. Marina Anderson, co-founder of Raw, assured that the exposed endpoints had been secured, and additional safeguards implemented to prevent future breaches.

However, Anderson admitted that the company had not undergone a third-party security audit, raising alarms about their commitment to user safety.

What’s Next for Users?

While Raw plans to report this incident to data protection authorities, they remain vague on whether affected users will be proactively notified. As investigations continue, it's unclear how long user data was publicly accessible, leaving many in suspense.

How the Breach Unfolded

TechCrunch's investigation revealed the vulnerability through a simple test using a virtual Android device. By creating an account with fake data and allowing the app access to mock location settings, the team discovered that any user’s private information could easily be accessed by manipulating simple identifiers.

The Threat of IDOR Vulnerabilities

This type of vulnerability, known as Insecure Direct Object Reference (IDOR), is incredibly dangerous. Imagine having a key that could open every mailbox on your street—this is the kind of risk posed by such flaws. The U.S. cybersecurity agency CISA has long warned of these threats, highlighting the need for strict authentication and security measures in app development.

A Wake-Up Call for Online Safety!

As Raw bounces back from this crisis, it underscores the critical need for users to be vigilant about their privacy. Will Raw take stronger measures to protect its community in the future? Only time will tell, but one thing is clear: users need to demand better security measures from dating apps.