BREAKINGON

Major Security Breach Exposes User Data on Raw Dating App

5/3/2025
A significant security lapse at the Raw dating app has led to the exposure of users' personal and location data. Despite claims of encryption, TechCrunch found the app leaking sensitive information. Raw has since fixed the issue but has not confirmed how long the data was exposed.
Major Security Breach Exposes User Data on Raw Dating App
TechCrunch reveals a security breach in the Raw dating app, exposing user data and location. The company claims to have fixed the issue but faces scrutiny over its privacy practices.

Security Breach at Raw Dating App Exposes User Data

A significant security lapse at the popular dating app Raw has led to the public exposure of sensitive user information, including personal data and precise location details. This alarming discovery was reported by TechCrunch, which found that the leaked data included users’ display names, dates of birth, dating preferences, and even location coordinates that could pinpoint users with street-level accuracy.

About the Raw Dating App

Launched in 2023, the Raw dating app aims to foster more authentic interactions among users by requiring them to upload daily selfies. While the company has not disclosed its total number of users, their app listing on the Google Play Store indicates over 500,000 downloads on Android devices. The timing of this security breach is particularly concerning, as it coincides with Raw’s announcement of a new hardware extension, the Raw Ring. This unreleased wearable device is designed to track partners’ heart rates and provide AI-generated insights, ostensibly to detect infidelity.

Concerns Over Data Privacy and Ethical Implications

The ethical implications of tracking romantic partners raise significant moral questions. Despite this, Raw claims on its website and in its privacy policy that both the app and the forthcoming device utilize end-to-end encryption. This feature is intended to ensure that no one, including the company itself, can access user data. However, a recent investigation by TechCrunch revealed a lack of evidence supporting this claim, as the app was found to be leaking user data publicly.

Raw's Response to the Security Breach

Following TechCrunch's alert about the vulnerability, Raw swiftly addressed the issue. Marina Anderson, the co-founder of the Raw dating app, stated in an email, “All previously exposed endpoints have been secured, and we’ve implemented additional safeguards to prevent similar issues in the future.” However, when pressed on whether the company had conducted a third-party security audit, Anderson admitted that they had not and emphasized their focus on product development and community engagement.

Investigation and Future Actions

While Anderson did not confirm plans to proactively inform users affected by the data exposure, she indicated that a detailed report would be submitted to relevant data protection authorities under applicable regulations. The duration of the data leak remains unclear, as the company continues to investigate the incident.

Understanding the Data Exposure Mechanism

TechCrunch's investigation revealed how easily the data exposure occurred. By installing the Raw app on a virtual Android device, the team created a new user account using dummy information. Upon granting the app access to its precise location, the team monitored the network traffic using a traffic analysis tool. Within minutes, they discovered that the app was retrieving user profile information directly from Raw’s servers without proper authentication measures.

This vulnerability, identified as an insecure direct object reference (IDOR), allowed anyone to access personal information by changing the unique identifiers in the app's URLs. This lack of security checks can lead to severe data breaches, making sensitive information accessible to unauthorized users. The U.S. cybersecurity agency CISA has long warned about the risks associated with IDOR vulnerabilities, emphasizing the need for proper authentication and authorization checks in app development.

Conclusion: A Call for Enhanced Security Measures

As Raw has resolved the immediate security concerns, it is crucial for the company to prioritize user safety and trust. Implementing comprehensive security audits and adhering to best practices in data protection will be essential in restoring confidence among its user base. The exposure of such sensitive information underscores the necessity for dating apps and other digital platforms to adopt stringent security protocols to safeguard user data.

Breakingon.com is an independent news platform that delivers the latest news, trends, and analyses quickly and objectively. We gather and present the most important developments from around the world and local sources with accuracy and reliability. Our goal is to provide our readers with factual, unbiased, and comprehensive news content, making information easily accessible. Stay informed with us!
© Copyright 2025 BreakingOn. All rights reserved.