TECH CRUNCH - June 4 - A security lapse at JCrush left a database open without a password, exposing sensitive user records and private messages to anyone who knew where to look. None of the data was encrypted. The records contained the user's name, gender, email address, IP address and geolocation, as well as their city, state and country, date of birth, sexual preferences, religious denomination and photos they use on JCrush. The records also show the user's Facebook ID, which points directly to their Facebook profile. It also includes the access token, which can be used to take over a JCrush user's account without needing their password. JCrush's parent company, Northsight Capital, said it was "aware" of the situation and "secured the database immediately when the problem occurred."
Comments