TECH CRUNCH – Dating app Raw exposed users' personal data and precise location information due to a security flaw. The app leaked names, birthdates, preferences, and GPS data through a public server lacking proper authentication. The app did not use end-to-end encryption as claimed. Raw fixed the bug after being contacted, but has not notified affected users or undergone a third-party security audit. The vulnerability was due to an insecure direct object reference (IDOR), a known and easily exploitable bug.
by Zack Whittaker
See full article at Tech Crunch