Jack’d, a popular gay hookup and dating app that left users’ nude photos exposed, has agreed to pay $240,000 to New York state and amp up security in an agreement with the state Attorney General’s office, officials announced Friday.
The app, which is run by parent company Online Buddies Inc., allows users to share the explicit photos discreetly with others on the app who they selected. But due to a security flaw, those racy photos — as well as personal and location data — became accessible to anyone using the internet.
Users had the option of uploading photos either publicly or privately. But it was revealed that both options were being sent to the same server leaving them open to anyone using the app.
What’s worse, AG Letitia James says, the security problem was made known to the company in February 2018 — but it didn’t fix the flaw until a year later.
Dead James Bond movie extra was targeted on Grindr: prosecutors
An extra on the James Bond movie “Skyfall” was murdered…
And of the some 7,000 users of the app in New York, nearly 4,000 of those people had uploaded private photos, approximately 2,000 of which were nude images, James said.
“This app put users’ sensitive information and private photos at risk of exposure and the company didn’t do anything about it for a full year just so that they could continue to make a profit,” James said in a statement.
The company’s new CEO Adam Segel said, “Online Buddies became aware of a potential security flaw in the Jack’d app that was corrected earlier this year. We apologize to our users for this flaw.”
“With new leadership and stronger security measures in place, Jack’d users can continue to rely on the security of their personal data. We greatly value all of our Jack’d users throughout the world and wish all in our community a happy and healthy pride,” Segel added.