The logo for the Daily Beast's Obsessed website. It reads: 'Obsessed: What to Watch, Binge, See, & Skip'
DAILY BEAST
CrosswordNewsletters
  • Cheat Sheet
  • Obsessed
  • Politics
  • Crime
  • Entertainment
  • Media
  • Innovation
  • Opinion
  • World
  • U.S. News
  • Scouted
CHEAT SHEET
    POLITICS
    • Biden World
    • Elections
    • Opinion
    • National Security
    • Congress
    • Pay Dirt
    • The New Abnormal
    • Trumpland
    MEDIA
    • Confider
    • Daytime Talk
    • Late-Night
    • Fox News
    U.S. NEWS
    • Identities
    • Crime
    • Race
    • LGBT
    • Extremism
    • Coronavirus
    WORLD
    • Russia
    • Europe
    • China
    • Middle East
    INNOVATION
    • Science
    TRAVEL
      ENTERTAINMENT
      • TV
      • Movies
      • Music
      • Comedy
      • Sports
      • Sex
      • TDB's Obsessed
      • Awards Shows
      • The Last Laugh
      CULTURE
      • Power Trip
      • Fashion
      • Books
      • Royalist
      TECH
      • Disinformation
      SCOUTED
      • Clothing
      • Technology
      • Beauty
      • Home
      • Pets
      • Kitchen
      • Fitness
      • I'm Looking For
      BEST PICKS
      • Best VPNs
      • Best Gaming PCs
      • Best Air Fryers
      COUPONS
      • Vistaprint Coupons
      • Ulta Coupons
      • Office Depot Coupons
      • Adidas Promo Codes
      • Walmart Promo Codes
      • H&M Coupons
      • Spanx Promo Codes
      • StubHub Promo Codes
      Products
      NewslettersPodcastsCrosswordsSubscription
      FOLLOW US
      GOT A TIP?

      SEARCH

      HOMEPAGE
      Tech

      Scruff Acquires Jack’d, The Dating App That Exposed Users’ Nudes

      HOT DATE

      The app's parent company is still on the hook for $240,000 in fines for its failure to protect user privacy.

      Blake Montgomery

      Reporter/Editor

      Updated Jul. 09, 2019 6:25PM ET / Published Jul. 09, 2019 3:48PM ET 
      exclusive

      Just two weeks after being fined hundreds of thousands of dollars for exposing its users’ nude photos, the dating app Jack’d has found the exit sign.

      Scruff, a privately held dating app that caters to gay and bisexual men, bought Jack’d for an undisclosed sum. The acquisition comes as Jack’d attempts to move past a privacy scandal and reassure users that their intimate communications remain unseen by prying eyes. 

      [Full disclosure: The Daily Beast is owned by IAC, which also owns Match Group, the company that operates Tinder, OkCupid, Hinge, and other dating apps.]

      On June 28, Online Buddies—the parent company of Jack’d, which also owns the gay dating site Manhunt—agreed to pay $240,000 in a settlement with the New York Attorney General’s office after almost 2,000 New York users had their nude photos exposed via an unsecured Amazon cloud server. A second vulnerability also exposed users’ location data, device ID, operating system version, last login date, and hashed passwords.

      Jack’d allows a user to upload an album of public photos to their profile—“nudity prohibited,” the instructions direct—and another album of private pictures that require permission to view. These hidden images carry no such constraint on sexually explicit content. Both types of photos, however, were left out in the open on the unsecured server.

      In addition to the fine, the company committed to substantially improving the security of its app as part of the settlement. 

      Online Buddies remains responsible for paying the fine, according to a spokesman for the Attorney General’s office, but Scruff’s parent company Perry Street Software will now be responsible for implementing security upgrades. The spokesman added that the office intends to ensure the terms of the settlement are followed and users’ privacy is protected.

      “The opportunity to acquire Jack’d was an especially unique one,” Eric Silverberg, CEO of Perry Street, told The Daily Beast. 

      “Jack’d was one of the earliest and largest queer spaces and queer apps on the market,” Silverberg said, adding that the acquisition is an opportunity for Scruff to expand in markets like East Asia.

      Silverberg said Perry Street was always planning to overhaul the technology of Jack’d but that his company had notified the Attorney General of the acquisition negotiations to ensure their intentions aligned with the terms of the settlement. Jack'd will continue operating as a standalone app.

      The company says it plans to redesign the app from the ground up, enhancing Jack’d users’ controls over their privacy and rejiggering key features. The advertising experience will also change: Scruff stopped showing users programmatic advertising in late 2018, and Jack’d will follow suit after the acquisition.

      The Attorney General penalized Online Buddies not only for the security failure but also for looking the other way after becoming aware of it. Though the flaw was first publicly reported in February 2019, a security researcher had notified the company of the vulnerability a year prior to no effect. 

      Perry Street learned about the breach at the same time as the general public, according to Silverberg, even as the company was more than six months into discussions of the acquisition of Jack’d. He blasted Online Buddies’ response to the problem. 

      “[Perry Street] will always prioritize these kinds of issues. I cannot even fathom a scenario where someone would bring this to our attention and we wouldn’t address it immediately. It was frankly unfathomable to us when we first read about it in February,” he said, adding that Scruff has not weathered a data breach.

      Silverberg, who identifies as gay, said the work of protecting user privacy has particular resonance to him since he and others at Perry Street are members of the LGBTQ community and users of their own product.

      “If there’s any suggestion of a data breach or a security issue, we stop what we’re doing and work relentlessly until it’s addressed,” he said. “The work we do is personal for our members, and it’s personal for us. We are sharing our community, sharing this app, with our friends and loved ones.” 

      Jack’d isn’t alone among in its privacy woes. Several other high-profile dating apps have suffered breaches or failed to protect their users in recent years. The gay dating app Grindr was found to be sharing users’ HIV status and location with third-party app optimization companies in April 2018, though it vowed to stop.

      A Tinder vulnerability exposed last year allowed hackers to take over accounts using only a phone number. The company patched it before disclosure. In February, some OkCupid users reported hacked accounts, but the company denied a data breach. OkCupid, Match, and other major dating sites still do not offer two-factor authentication—one of the most robust ways for users to secure accounts.

      Blake Montgomery

      Reporter/Editor

      @blakersdozenBlake.Montgomery@thedailybeast.com

      Got a tip? Send it to The Daily Beast here.

      READ THIS LIST

      DAILY BEAST
      • Cheat Sheet
      • Politics
      • Entertainment
      • Media
      • World
      • Innovation
      • U.S. News
      • Scouted
      • Travel
      • Subscription
      • Crossword
      • Newsletters
      • Podcasts
      • About
      • Contact
      • Tips
      • Jobs
      • Advertise
      • Help
      • Privacy
      • Code of Ethics & Standards
      • Diversity
      • Terms & Conditions
      • Copyright & Trademark
      • Sitemap
      • Best Picks
      • Coupons
      • Coupons:
      • Dick's Sporting Goods Coupons
      • HP Coupon Codes
      • Chewy Promo Codes
      • Nordstrom Rack Coupons
      • NordVPN Coupons
      • JCPenny Coupons
      • Nordstrom Coupons
      • Samsung Promo Coupons
      • Home Depot Coupons
      • Hotwire Promo Codes
      • eBay Coupons
      • Ashley Furniture Promo Codes
      © 2023 The Daily Beast Company LLC