Close Menu
TechTost
  • AI
  • Apps
  • Crypto
  • Fintech
  • Hardware
  • Media & Entertainment
  • Security
  • Startups
  • Transportation
  • Venture
  • Recommended Essentials
What's Hot

The ‘first’ ransomware attack run by AI still needed a human

You can now adjust the pace and expressiveness of Siri in the latest iOS 27 beta

US investors will soon have access to SK Hynix, another memory maker driving the AI ​​boom

Facebook X (Twitter) Instagram
  • About Us
  • Contact Us
  • Privacy Policy
  • Terms and Conditions
  • Disclaimer
Facebook X (Twitter) Instagram
TechTost
Subscribe Now
  • AI

    The ‘first’ ransomware attack run by AI still needed a human

    7 July 2026

    If you use Google, you train its AI. See how you can opt out.

    6 July 2026

    Amazon will stop accepting new customers for Mechanical Turk

    6 July 2026

    Yes, we use OpenClaw to this day

    5 July 2026

    Midjourney wants Hollywood studios to reveal the details of their use of artificial intelligence

    5 July 2026
  • Apps

    You can now adjust the pace and expressiveness of Siri in the latest iOS 27 beta

    7 July 2026

    Apple is bringing back card payments for Apple Account purchases in India after a four-year hiatus

    6 July 2026

    WhatsApp now allows you to reserve usernames

    5 July 2026

    Podcasting platform Riverside is getting into the newsletter game

    4 July 2026

    Threads adds new features to Live Chats as it expands access

    4 July 2026
  • Crypto

    Venice AI goes unicorn with $65M Series A as first privacy AI platform takes off

    1 July 2026

    Crypto Exchange OKX wants AI agents to hire and pay each other

    30 June 2026

    Startup Battlefield 200 applications close today

    27 May 2026

    5 days left: Save up to $410 on Disrupt 2026 passes

    25 May 2026

    As crypto cools, a16z crypto raises $2.2 billion in capital

    6 May 2026
  • Fintech

    India’s payments chief believes artificial intelligence will play a big part in the next era of digital payments development

    28 June 2026

    Early Bird pricing ends tonight for the Founder Summit

    26 June 2026

    4 days left to save up to $190 on Founder Summit 2026

    23 June 2026

    Robinhood’s note on 10% layoffs shows that blaming AI doesn’t cut it

    17 June 2026

    Anthropic’s latest spat with the Trump administration may actually help it, sales figures suggest

    17 June 2026
  • Hardware

    US investors will soon have access to SK Hynix, another memory maker driving the AI ​​boom

    7 July 2026

    Smart glasses maker Even Realities hits $1 billion valuation with $150 million in funding led by Meituan, Tencent

    6 July 2026

    5 office gadgets that can make your work day better

    6 July 2026

    IQM, Europe’s first public quantum company, admits that the future of the technology is uncertain

    3 July 2026

    Thiel Capital’s Jack Selby commits stakes in hot startups like Etched through Arizona connections

    3 July 2026
  • Media & Entertainment

    New Google ad imagines a Declaration of Independence written with the help of artificial intelligence

    4 July 2026

    Cloudflare’s new policy pushes AI companies to pay for publishers’ content

    1 July 2026

    Watch out, Amazon: The Kobo eReader now has a Goodreads rival

    29 June 2026

    YouTube Shorts just got even shorter with an update that lets you double the playback speed

    25 June 2026

    Deezer says its new feature allows fans to remix songs with the artist’s consent

    24 June 2026
  • Security

    Canada’s spy agency says it hacked drug traffickers, extremists and a ransomware gang last year

    6 July 2026

    Politician who investigated abuses of wiretapping software on his phone with Pegasus spyware

    3 July 2026

    The US government says it’s been hacked — again

    2 July 2026

    In major privacy victory, Supreme Court rules that geo-trafficking warrants are protected by privacy rights

    29 June 2026

    The Klue hack results in a data breach at several cybersecurity companies

    26 June 2026
  • Startups

    Station F emerges as a launch pad for Europe’s hottest AI startups

    6 July 2026

    Your Brand Deserves Its Own Stage — TechCrunch Disrupt 2026 Side Events

    4 July 2026

    The browser wars aren’t about search anymore — here are the best alternatives to Chrome and Safari

    3 July 2026

    Last chance to apply — Startup Battlefield Australia applications close on 6 July

    3 July 2026

    Arcturus could halve grid electrical losses using nano-infused metals

    2 July 2026
  • Transportation

    Chevy built an all-American EV truck — why isn’t anyone buying it?

    3 July 2026

    Rivian raises EV sales forecast as second-quarter production ramps up

    3 July 2026

    Lucid Motors CFO steps down as new CEO continues leadership shakeup

    2 July 2026

    Tesla begins testing Cybercab without pedals or steering wheel in Austin

    2 July 2026

    Lime is starting life as a public company after years of uncertainty

    1 July 2026
  • Venture

    What are bending spoons? The little-known owner of AOL and Vimeo who is now public

    5 July 2026

    After $18B IPO, Bending Spoons Founder Says Success Comes From Minimizing Luck

    2 July 2026

    Bending Spoons defies SaaS slump, up 40% on first day of trading

    2 July 2026

    The DeepMind trio that created a poker AI is now making money for quantitative hedge funds

    1 July 2026

    Patronus AI lands $50 million to create ‘digital worlds’ that stress-test AI agents

    26 June 2026
  • Recommended Essentials
TechTost
You are at:Home»Security»Dating RAW application exposed data users and personal information
Security

Dating RAW application exposed data users and personal information

techtost.comBy techtost.com3 May 202505 Mins Read
Share Facebook Twitter Pinterest LinkedIn Tumblr Email
Dating Raw Application Exposed Data Users And Personal Information
Share
Facebook Twitter LinkedIn Pinterest Email

A security security in the Dating App Raw has publicly exposed the personal data and private data data of its users, TechCrunch found.

Exposed data included user display names, dates of birth, dating and sexual preferences associated with the RAW application, as well as users’ locations. Some of the location data included coordinates that were specific enough to identify RAW app users accurately at street level.

RAW, which started in 2023, is a dating application that claims to offer more genuine interactions with others in part by asking users to upload daily selfie photos. The company does not reveal how many users it has, but its application in the Google Play Store notes over 500,000 Android downloads to date.

The news for the safety delay comes in the same week that the start announced an extension of dating application material, The Raw Ring, An unconfirmed portable device He claims to allow applications to monitor their partner’s heart rate and other sensor data to receive knowledge produced by AI, seemingly detecting infidelity.

Despite the moral and moral issues of watching romantic partners and The dangers of emotional surveillanceRAW claims on its website and in the Privacy Policy that its implementation and its non-circulated device use end to end, a safety feature that prevents anyone other than the user-including the company-from accessing the data.

When we tried the app this week, which included an application network analysis, TechCrunch found no evidence that the application uses end to end. Instead, we have found that the application disseminates public data on its users to anyone with a web browser.

RAW determined the report on Wednesday, shortly after contacting TechCrunch with the company details.

“All previous exposed endpoints have been secured and we have implemented additional safeguards to prevent similar issues in the future,” Marina Anderson, co -founder of the App Dating App, told TechCrunch.

When asked by TechCrunch, Anderson confirmed that the company had not conducted a third -party security check, adding that “its focus remains to build a high quality product and to be involved in our developing community.”

Anderson will not be committed to actively notifying influenced users that their information was exposed, but said the company would “submit a detailed report to the competent data protection authorities under applicable regulations”.

It is not immediately known how long the application publicly diffuses its users’ data. Anderson said the company was still investigating the incident.

Concerning her claim that the application uses end to end, Anderson said that RAW “uses encryption in transit and imposes access controls for sensitive data on our infrastructure.

Anderson would not say when asked if the company plans to adjust its privacy policy and Anderson did not respond to an email from TechCrunch.

How did we find exposed data

TechCrunch discovered the error on Wednesday during a short application test. As part of our test, we installed the Raw Dating application on an Android virtual device, which allows us to use the application without having to provide real world data, such as our physical location.

We created a new virtual user account, such as a name and date of birth, and we designed the location of our virtual device to appear as if we were in a museum in Mountain View, California. When the app requested the location of our virtual device, we allowed access to the application to our exact location in a few meters.

We used a network analysis tool to monitor and inspect data flowing in and out of the RAW application, which allowed us to understand how the application works and what data of the application was uploaded for its users.

TechCrunch discovered exposure to data within minutes of using the RAW application. When we first loaded the application, we found that it was pulling the user profile information directly from the company’s servers, but that the server does not protect the data returned with any check -up certification.

In practice, this meant that one could have access to private information of any other user using a web browser to visit the tissue address of the exposed server – api.raw.app/users/ followed by a unique 11 -digit number corresponding to another application user. Changing the digits corresponding to the 11 -digit ID of the other user has returned private information from this user’s profile, including their location data.

Image credits:Technological
A screenshot showing the position of TechCrunch's profile in a map, hovering over the Mountain View, California.
Image credits:Technological

This type of vulnerability is known as an insecure direct object or identifier, a type of error that can allow one to access or modify the data to someone else’s server due to a lack of appropriate security checks to the user accessing the data.

As we have previously explained, Idor errors are similar to having a key to a private mailbox, for example, but this key can also unlock any other mailbox on the same road. Therefore, IDOR errors can be easily exploited and in some cases are listed, allowing access to the registration after registering user data.

The US Cybersa Security Service has long been warned of the risks of IDOR errors, including the ability to access typically sensitive “scale” data. As part of Safe from design Initiative, Cisa said In a 2023 counseling That developers should ensure that their applications perform appropriate authentication and authorization controls.

Since RAW determined the error, the exposed server no longer returns user data to the browser.

application cyberspace data dating dating application Exclusive exposed information personal privacy RAW Users
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
Previous ArticleWeekly Starts: Drama or Play Change? You decide
Next Article Airbnb quietly unravels a AI customer service bot in USA
bhanuprakash.cg
techtost.com
  • Website

Related Posts

Canada’s spy agency says it hacked drug traffickers, extremists and a ransomware gang last year

6 July 2026

Politician who investigated abuses of wiretapping software on his phone with Pegasus spyware

3 July 2026

The US government says it’s been hacked — again

2 July 2026
Add A Comment

Leave A Reply Cancel Reply

Don't Miss

The ‘first’ ransomware attack run by AI still needed a human

7 July 2026

You can now adjust the pace and expressiveness of Siri in the latest iOS 27 beta

7 July 2026

US investors will soon have access to SK Hynix, another memory maker driving the AI ​​boom

7 July 2026
Stay In Touch
  • Facebook
  • YouTube
  • TikTok
  • WhatsApp
  • Twitter
  • Instagram
Fintech

India’s payments chief believes artificial intelligence will play a big part in the next era of digital payments development

28 June 2026

Early Bird pricing ends tonight for the Founder Summit

26 June 2026

4 days left to save up to $190 on Founder Summit 2026

23 June 2026
Startups

Station F emerges as a launch pad for Europe’s hottest AI startups

Your Brand Deserves Its Own Stage — TechCrunch Disrupt 2026 Side Events

The browser wars aren’t about search anymore — here are the best alternatives to Chrome and Safari

© 2026 TechTost. All Rights Reserved
  • About Us
  • Contact Us
  • Privacy Policy
  • Terms and Conditions
  • Disclaimer

Type above and press Enter to search. Press Esc to cancel.