The dating app Jack’d has agreed to fork over $240,000 in damages and make substantial security updates after it failed to protect users’ private photos and videos.
New York Attorney General Letitia James’ office put out a statement this week saying it had reached a settlement with Online Buddies, Inc., the parent company of Jack’d, for allowing the private photos and videos of nearly 2,000 users to leak online.
“Although the company represented to users that it had security measures in place to safeguard users’ information, and that certain photos would be marked ‘private,’ the company failed to implement reasonable protections to keep those photos private, and continued to leave security vulnerabilities unfixed for a year after being alerted to the problem.”
The security breach was first discovered in 2018 by Oliver Hough. He noticed that the way Jack’d stored users’ content made it easy to access online, and that anyone could view it, regardless of whether they had a Jack’d profile.
When he reported the security flaw to Jack’d, they said they’d “look into it” then never did anything about it. It wasn’t until almost a year later, when Hough went to the media with the story, that the bug was hastily fixed.
“This app put users’ sensitive information and private photos at risk of exposure and the company didn’t do anything about it for a full year just so that they could continue to make a profit,” James’ statement continues.
“This was an invasion of privacy for thousands of New Yorkers. Today, millions of people across the country — of every gender, race, religion, and sexuality — meet and date online every day, and my office will use every tool at our disposal to protect their privacy.”
According to Online Buddies, Inc., Jack’d has over 6 million users worldwide, and it describes itself as the world’s “most culturally diverse gay dating app.”