Gay dating app Scruff has bought its competitor Jack’d, after the latter was fined for exposing users’ private photos.
Earlier this month, Jack’d agreed to pay $240,000 to 7,000 users in New York after a bug in the app left users’ private photo albums — which often contain sensitive images — exposed to potential hacks.
Jack’d reportedly fixed the loophole in its app in February, but had known about the bug for a year prior to the fix.
It was particularly notable given Jack’d’s five million users — around half of whom are in Asia — includes large numbers of queer and trans people of color (approximately 80%), who are more at risk of potential discrimination than their white LGBTQ counterparts.
“This app put users’ sensitive information and private photos at risk of exposure and the company didn’t do anything about it for a full year just so that they could continue to make a profit,” James said in a statement. “This was an invasion of privacy for thousands of New Yorkers. Today, millions of people across the country — of every gender, race, religion, and sexuality — meet and date online every day, and my office will use every tool at our disposal to protect their privacy.”
Following the settlement, Jack’d has been bought over by Scruff owner Perry Street Software, which — following the acquisition — now claims to be the “largest fully LGBTQ owned and operated software company,” the company said in a statement.
“For years, we have admired the diverse and global community of Jack’d,” Perry Street CEO Eric Silverberg said. “This acquisition will provide Jackd’d members with the same combination of technology and active moderation we have developed at SCRUFF, so that the Jack’d community members will be protected against harassment, spam bots, scammers, and risks while traveling.”
Silverberg told the Daily Beast that Perry Street will be much more proactive in policing bugs and flaws in Jack’d, and will reportedly redesign the app to overhaul its technologies, privacy, and stability.
” I cannot even fathom a scenario where someone would bring this to our attention and we wouldn’t address it immediately,” Silverberg said of Jack’d potentially exposing users’ data. “It was frankly unfathomable to us when we first read about it in February.”
He added: ““If there’s any suggestion of a data breach or a security issue, we stop what we’re doing and work relentlessly until it’s addressed.”
Jack’d’s security issues aren’t unique, with gay dating app Grindr in particular being forced to deal with a number of software and privacy-related mishaps.
Last April, Grindr admitted it had been sharing users’ HIV status with two outside companies, including last-tested dates and whether HIV-negative users’ were taking PrEP.
The data was sent together with users’ GPS data, phone ID, and email, which meant it could be used to identify specific users and their HIV status, a researcher said.
And in March 2018, a website that allowed Grindr users to see who had blocked them went live, enabled by accessing elements of Grindr’s private software APIs.
In addition, the service’s developer said Grindr’s APIs could be exploited to create a map showing data from register profiles at a neighborhood level — including where users of the app are located.
Earlier this year, the U.S. government identified Grindr as a potential national security risk because of the specific data it holds on users — data which is stored and handled by the company’s Chinese owners, Beijing Kunlun Tech Co Ltd.
The Committee on Foreign Investment in the United States (CFIUS) deemed foreign ownership of Grindr to be a risk, with speculation being that Grindr’s data could potentially be used to identify the location of U.S. military and intelligence personnel.