While that data would be sensitive in most any context, it could be particularly damaging with an app like 3Fun. An attacker could have used the info for extortion, scams or stalking knowing that many of the victims might be hesitant to let this knowledge escape into the wild. The consequences wouldn’t necessarily be as dire as they were with the Ashley Madison breach, but they could still have been serious.

To its credit, 3Fun fixed the issue within a few weeks of Pen Test notifying the company on July 1st. The concern is that 3Fun exposed this information in the first place. It didn’t just reflect a lack of concern for users’ security, it jeopardized their trust. Dating apps rely on privacy and discretion as a matter of course, and users could quickly jump ship if they don’t feel their info is truly secure.