A security breach at the dating app Raw has now reportedly exposed sensitive user data, including personal information and precise location details.
fThe vulnerability allowed access to users’ display names, birth dates, and dating preferences, with some location data pinpointing users at street-level accuracy.
Raw, launched in 2023, aims to create genuine interactions by requiring users to upload daily selfies. While the app claims over 500,000 downloads on the Google Play Store, it has faced scrutiny following this incident.
Notably, the timing of the breach coincides with the announcement of a new wearable device, the Raw Ring, intended to track partner metrics like heart rate.
Despite claiming to use end-to-end encryption to protect user data, TechCrunch’s investigation revealed no evidence of such security.
The app was found to be leaking user information publicly, accessible through a web browser without proper authentication.
This type of vulnerability, known as insecure direct object reference (IDOR), allows unauthorized access to user data easily.
After TechCrunch informed Raw about the exposure, the company quickly secured the data endpoints. Marina Anderson, co-founder of Raw, stated that all previously exposed data points have been secured and additional safeguards implemented.
However, she did not commit to notifying affected users, opting instead to submit a report to relevant data protection authorities.
The company has not conducted a third-party security audit, raising further concerns about its data protection practices.
As the investigation continues, Raw’s claims about encryption and user privacy remain under scrutiny, highlighting the risks associated with personal data management in the digital age.
[READ MORE: Aurora Launches New Self Driving Truck Service]
