A Shocking Security Lapse Revealed

In a stunning revelation, dating app Raw has come under fire for a serious security breach that has jeopardized the personal data and exact locations of countless users, as uncovered by TechCrunch.

What Data Was Exposed?

The hack has exposed sensitive details including users' display names, birth dates, and specific dating preferences tied to the app. Alarmingly, some location data was precise enough to pinpoint users' whereabouts down to street levels.

Raw's Controversial Launch and Popularity

Launched in 2023, Raw aims to offer authentic connections by requiring users to upload daily selfies. Though the company doesn’t disclose its user count, its Google Play Store listing boasts over 500,000 downloads.

The Timing Couldn't Be Worse

This breach comes on the heels of Raw's announcement about a groundbreaking hardware extension, the Raw Ring, which will supposedly allow users to track their partners' heart rates and even alert them to possible infidelity. However, such technological surveillance raises significant moral and ethical questions.

Claims of Encryption Under Fire

Despite Raw's insistence that it employs end-to-end encryption to protect user data, TechCrunch’s investigation revealed a disturbing truth: the app was leaking user data accessible to anyone with a web browser. An immediate fix was implemented after TechCrunch notified Raw about the issue.

Company’s Response and Future Actions

Marina Anderson, co-founder of Raw, assured that all exposed data endpoints were secured and additional protections are being established. However, she confirmed that no third-party security audit had been conducted, raising further concerns. When pressed about notifying affected users, Anderson stated that a report would be submitted to relevant authorities instead.

Investigation Continues

The duration of the data leak remains uncertain, leaving many users in the dark. While Anderson asserted the app employs encryption in transit and access controls, doubts linger about the overall security measures in place.

The Technical Breakdown of the Breach

TechCrunch discovered this data exposure during a test that simulated user activity without real-world data. It involved creating a dummy account and monitoring the app's network traffic, revealing that user profiles could be accessed without proper authentication.

A Lesson On Cybersecurity Risks

This particular vulnerability, known as Insecure Direct Object Reference (IDOR), could allow anyone to access the data of multiple users just by altering a unique identifier. U.S. cybersecurity agency CISA has long highlighted the importance of proper authentication and authorization checks to prevent such breaches.

Immediate Fixes, Long-Term Trust Issues

While the security loophole has been addressed, concerns remain regarding the overall safety of users' data on Raw. The question now is: Can users trust this app with their most personal information moving forward?