New York Attorney General Letitia James has reached a settlement with makers of an online dating app serving the LGBTQ community after it experienced a security breach.
James says Online Buddies, which operates the dating app Jack’D, failed to protect private photos -- including nude images -- of approximately 1,900 users. She said the company will pay a $240,000 fine.
The complaint said Online Buddies told its users that it had implemented security measures to protect user data. In particular, users were reportedly told that certain images would be marked as “private” and would not be accessible by others.
James says the app’s interface both explicitly and implicitly represents that the private pictures feature can be used to exchange nude photos securely and privately. When using the app, she says members see two screens when uploading photos of themselves: one for photos designated as “public” and another for photos designated for “private” viewership.
‘Risk of exposure’
Despite the company’s best intentions, James says the network was vulnerable to hackers. A researcher recently reported that it was possible for anyone to see or download pictures marked “private.” The attorney general says people in the company were aware of the flaws in the system for more than a year but failed to take action to fix the problems.
“This app put users’ sensitive information and private photos at risk of exposure and the company didn’t do anything about it for a full year just so that they could continue to make a profit,” James said. “This was an invasion of privacy for thousands of New Yorkers.”
Jack’D has users around the world. James says her office has determined that about 7,000 of them live in New York.
This isn’t the first time that a dating app has suffered a security breach. In 2015, Ashley Madison, a dating site for married people who want to have affairs, suffered an embarrassing breach when a hacker published the names of the people cheating on their spouse -- or hoping to.
The Toronto-based company, which at the time had the marketing slogan “life is short, have an affair,” agreed to a settlement with the U.S. Federal Trade Commission and 13 states a year later. The agreement also required the company to establish a comprehensive data security program.
The lesson for consumers is pretty clear. It’s never a good idea to give a dating app or social media site any information, including provocative photographs, that you aren’t willing to share with the world.