The dating app Raw, which recently announced a new wearable device called the Raw ring, has come under scrutiny for inadvertently exposing users' personal data. Raw positions itself as a platform promoting "real and unfiltered love" with an interface inspired by BeReal, which utilizes both the front and back cameras of users' phones. However, the company's commitment to transparency seems to have extended beyond its intended purposes, leading to significant privacy concerns. TechCrunch discovered that Raw was leaving users' personal information open to public access due to a lack of basic digital security measures. Prior to this discovery, anyone with a web browser could easily access detailed user profiles, including dates of birth, display names, sexual preferences, and even street-level location data. To investigate, TechCrunch installed Raw on a virtualized Android device and used a network monitoring tool to observe data transmission. Within minutes, they identified that personal data was being transmitted without any form of authentication protection. The security flaw, known as an insecure direct object reference (IDOR), allowed unauthorized individuals to access or modify other users' data by manipulating URL parameters. Specifically, visiting the web address api.raw.app/users/ followed by a unique 11-digit number corresponding to a user's identifier would reveal that user’s private information, including their approximate location. By changing these digits, one could retrieve the private data of any other app user. Gizmodo contacted Raw for a comment. According to statements provided to TechCrunch, the company has addressed the security issues as of Wednesday. Marina Anderson, co-founder of Raw, stated, “All previously exposed endpoints have been secured, and we’ve implemented additional safeguards to prevent similar issues in the future.” While inadequate data security is not uncommon in the software industry, it is particularly worrisome in the context of dating apps. These platforms handle highly sensitive and intimate information, making it crucial to prioritize robust security practices. Despite the potential time and cost constraints, companies must invest in securing user data to avoid the kinds of breaches that can have severe personal and emotional consequences. The raw exposure of such data is a stark reminder of the importance of diligence in cybersecurity, especially as technology continues to integrate more deeply into our personal lives. As Raw aims to enhance trust between users with its Raw ring—a device designed to track partners' locations to prevent infidelity—the recent breach casts a shadow over these efforts. It highlights the delicate balance between fostering transparency and safeguarding privacy, emphasizing that additional technological features should not compromise security. In summary, Raw’s recent data exposure serves as a cautionary tale for tech companies, particularly those in the dating app sector. While innovation and unique features are important, they should never come at the expense of users' trust and privacy.