Private photos and information were available for anyone to access
A dating app has agreed to pay $240,000 (£189,000) as part of a settlement after private photos of its users were leaked last year.
Jack’d, which describes itself as the world’s “most culturally diverse gay dating app”, has more than 6 million users around the world, made up primarily of gay and bisexual men.
The app includes a feature which allows users to post private images, which should have only been accessible to people who were specifically selected.
In February 2018, cyber-security researcher Oliver Hough allegedly reported a flaw which meant the private photos, as well as other sensitive information such as device IDs and location, were available publicly.
But Online Buddies, which owns the app, failed to fix the problem until a year later in February 2019.
New York Attorney General Letitia James announced a settlement on Friday 28 June, by which Online Buddies will pay the $240,000 to New York state and implement improved security measures to prevent any similar incidents in the future.
The state argued that “the app’s interface has explicitly and implicitly represented that the private pictures feature can be used to exchange nude images securely and, more importantly, privately”.
It also claimed that Jack’d had around 7,000 active New York users, around 1,900 of whom had “private images that could be nude photographs”.
James said in a statement released this week that the company knew of the issue and “didn’t do anything about it for a full year just so that they could continue to make a profit.”
Adam Segel, CEO of the parent company, told The Independent: “Online Buddies became aware of a potential security flaw in the Jack’d app that was corrected earlier this year.
"We apologise to our users for this flaw. We worked closely with, and cooperated fully with, the New York attorney general’s office in their investigation of this matter.”
He continued: “With new leadership and stronger security measures in place, Jack’d users can continue to rely on the security of their personal data. We greatly value all of our Jack’d users throughout the world and wish all in our community a happy and healthy pride.”
Jack’d is not the first dating app to face concerns over its handling of users’ data.
Most famously, Ashley Madison, which was aimed at people looking for extramarital affairs, was hacked in 2015, leading user identities to be leaked. It was subsequently subject to a US Federal Trade Commission investigation and a $576m (£454m) class-action lawsuit was filed against the company.