The breach was rooted in the site’s failure to encrypt its data,TechCrunch reported Tuesday. Anyone who knew where could access a users’ real name, gender, email address, IP address, location, age, sexual preferences and religious denomination.
It even allowed access to correspondence on the site’s chat platform.
Data security experts Noam Rotem and Ran Locar shared their findings with TechCrunch.
In some cases, the geolocation data was so accurate it was easy to identify exactly where some users lived — especially in residential neighborhoods.
A spokesperson for JCrush’s parent company, Northsight Capital, said it was “aware” of the situation and “secured the database immediately when the problem occurred,” TechCrunch reported.
“There have not been any indications that the data had been accessed by malicious parties or misused in anyway,” said the company.