Reporters – Zack Whittaker – Online Personals Watch

TeaOnHer Is for Men, And Is Leaking Users Personal Data

Posted on August 7, 2025

TECH CRUNCH – TeaOnHer launched in the Apple app store this week and is an app designed for men to share photos and information about women they have supposedly dated. It has exposed users' personal information, IDs, and selfies, TechCrunch confirmed. TeaOnHer is a response to the app 'Tea' (6m users) that allows women to post about the men they date. Tea had a data breach with 72k images, selfies, IDs, and also 1M private messages. TeaOnHer now ranks No.2 in Lifestyle apps on iOS.

See full article at Tech Crunch

Curated by the Courtland Brooks team

Dating App Raw Exposed Users’ Location Data and Personal Information

Posted on May 5, 2025

TECH CRUNCH – Dating app Raw exposed users' personal data and precise location information due to a security flaw. The app leaked names, birthdates, preferences, and GPS data through a public server lacking proper authentication. The app did not use end-to-end encryption as claimed. Raw fixed the bug after being contacted, but has not notified affected users or undergone a third-party security audit. The vulnerability was due to an insecure direct object reference (IDOR), a known and easily exploitable bug.

by Zack Whittaker
See full article at Tech Crunch

See the top news on RAW

U.S. Military Runs PsyOps Ads on Tinder in Lebanon Amid Middle East Tensions

Posted on August 28, 2024

TECH CRUNCH – The U.S. military placed ads on Tinder in Lebanon, warning people in Arabic not to attack the U.S. or its allies amid Middle Eastern tensions. The ads, linked to U.S. Central Command, targeted groups like Hezbollah and were part of a broader psychological operations strategy. Despite their intent, Tinder removed the ads for violating its policies on violence and safety. The U.S. Central Command declined to comment on the campaign's details.

by Zack Whittaker
See full article at Tech Crunch

See the top news on Tinder

POF Was Leaking Users’ Hidden Names and Zip Codes

Posted on December 26, 2019

TECH CRUNCH – Dec 23 – The leaking data was not immediately visible to app users, and the data was scrambled to make it difficult to read. But using freely available tools designed to analyze network traffic, the security researcher found it was possible to reveal the information about users as their profiles appeared on his phone. POF has ~150M registered users.

by Zack Whittaker
See full article at Tech Crunch

See all posts on POF

Facebook Users’ Phone Numbers Found Online

Posted on September 5, 2019

TECH CRUNCH – Sep 5 – The exposed server contained ~419M records over several databases on users across geographies, including 133M records on U.S.-based Facebook users. The server wasn't protected with a password so anyone could find and access the database. Each record contained a user's Facebook ID and the phone number listed on the account. This is the latest security lapse involving Facebook data after the Cambridge Analytica scandal, which saw ~80M profiles scraped to help identify swing voters in the 2016 U.S. presidential election. Facebook spokesperson Jay Nancarrow said the data had been scraped before Facebook cut off access to user phone numbers.

by Zack Whittaker
See full article at Tech Crunch

Group Dating App 3fun Exposed Sensitive Data on 1.5M Users

Posted on August 8, 2019

TECH CRUNCH – Aug 8 – The researchers from Pen Test Partners called the app a "privacy train wreck." ~1.5M users of the group dating app had their personal data exposed, including their real-time location, because of a vulnerability in the app. 3fun bills itself as a "private space" for kinky, open-minded people. Because the app wasn't properly secured, the researchers found they could plug in any coordinates they wanted to spoof their location, revealing sensitive information on anyone within any location of their choosing, including government buildings, military bases, and intelligence agencies. The researchers contacted 3fun on July 1 to report the bugs. Munro said the app maker took weeks to fix the issues.

by Zack Whittaker
See full article at Tech Crunch

Tinder’s New Security Feature Protects LGBTQ+ Users in Hostile Nations

Posted on July 25, 2019

TECH CRUNCH – July 24 – Users who identify as lesbian, gay, bisexual, transgender or queer on Tinder will no longer automatically appear on the app when they arrive in an oppressive state. This feature, called Traveler Alert, relies on users' phone network connection to determine its location. From there it will give users the choice to keep their location private. If users opt-in to make their profile public again, Tinder will hide their sexual orientation or gender identity from their profile to safeguard the information from law enforcement and others who may target them. There are 69 countries that consider same-sex acts illegal. Nine of the countries, including Iran, Sudan, and Saudi Arabia allow for prosecutors to pursue the death penalty against same-sex acts and relationships.

by Zack Whittaker
See full article at Tech Crunch

See all posts on Tinder

Apple Reveals App Store Takedown Demands by Governments

Posted on July 4, 2019

TECH CRUNCH – July 4 – For the first time, Apple has published the number of requests it's received from governments to take down apps from its app store. In its latest transparency report, published Tuesday, Apple said it received 80 requests from 11 countries to remove 634 apps from its app stores during July 1 to December 31, 2018. Apple didn't list the apps that were removed, but noted in most cases why the apps were pulled. China made up the bulk of the requests, seeking to remove 517 apps claiming they violated its gambling and pornography laws. Vietnam and Austria also requested the removal of several apps that violated its gambling laws, while Kuwait asked Apple to pull some apps that fell afoul of its privacy laws. Apple said it received 29,183 demands from governments – down ~10% on the last reporting period – to access 213,737 devices in the second half of last year. Apple also received 4,875 requests for account data, such as information stored in iCloud – up by 16% on the previous reporting period – affecting 22,503 accounts.

by Zack Whittaker
See full article at Tech Crunch

Jewish Dating App JCrush Exposed User Data and Private Messages

Posted on June 4, 2019

TECH CRUNCH – June 4 – A security lapse at JCrush left a database open without a password, exposing sensitive user records and private messages to anyone who knew where to look. None of the data was encrypted. The records contained the user's name, gender, email address, IP address and geolocation, as well as their city, state and country, date of birth, sexual preferences, religious denomination and photos they use on JCrush. The records also show the user's Facebook ID, which points directly to their Facebook profile. It also includes the access token, which can be used to take over a JCrush user's account without needing their password. JCrush's parent company, Northsight Capital, said it was "aware" of the situation and "secured the database immediately when the problem occurred."

by Zack Whittaker
See full article at Tech Crunch

See all posts on JCrush

Rela, a Chinese Lesbian Dating App, Exposed 5M User Profiles

Posted on March 28, 2019

TECH CRUNCH – Rela, a popular dating app for gay and queer women, has exposed millions of user profiles and private data because a server wasn't protected with a password. Rela disappeared from app stores in May 2017 after it was reportedly shut down by Chinese regulators, though the government never confirmed it took action. But the app returned a year later, according to its app store listing, on a different cloud provider. Victor Gevers, a security researcher at the GDI Foundation, found the exposed database this week, containing ~5.3M app users. It's believed the database had been exposed since June 2018, a month after the app returned, Gevers said. Each record included their nicknames, dates of birth, height and weight, ethnicity and sexual preferences and interests. A company spokesperson confirmed the database had been secured.

by Zack Whittaker
See full article at Tech Crunch

See all posts on Rela

Subscribe to OPW + Join IDEA + Hire Us

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this: