Massage app users accused of sexual misconduct exposed by major data leak

Leaked files included complaints about clients described as 'dangerous' and under police investigation for incidents including asking for 'massage in genital area'

Maya Oppenheim
Women's Correspondent
Wednesday 28 November 2018 08:17 EST
The app which provides treatments in the comfort of the home accidentally left its whole customer database online (Getty Images/iStockphoto)


A popular massage app has revealed the names and details of thousands of British clients who had been reported for sexual misconduct.

The leaked files included complaints about clients described as “dangerous” and under police investigation for incidents including asking for “massage in genital area”.

Urban Massage - a service which provides treatments in the comfort of the home - accidentally left its whole customer database online.

This allowed anyone who knew where it was hosted to search, edit or delete the information it held.

It has notified the Information Commissioner’s Office (ICO), the UK’s privacy watchdog, after a security analyst discovered the names, email addresses and phone numbers of hundreds of thousands of therapists and customers online.

It is not clear how long the database was exposed or if anyone else was able to access it before it was pulled. It is thought to have been online for several weeks until security researcher Oliver Hough alerted a journalist at TechCrunch.

One user, who did not want to be named, told the publication the data exposure was a “huge violation” of her privacy.

Urban Massage, an app that offers “wellness that comes to you” and boasts of providing services within the hour, said it had secured the information on Tuesday morning when news of the breach became public.

Urban Massage, which has headquarters in London, could be hit with a substantial fine if the ICO were to decide the app infringes the General Data Protection Regulation.

The app, which changed its name to Urban, operates in cities across the UK and in Paris and does not just provide massages, having recently introduced osteopath, facial, manicure and pedicure services.

Founder Jack Tang recently claimed the app, which was founded in 2014 and is reported to be worth more than £12m, had 101,000 active users and 2,500 active therapists. He has also said he is keen to build Europe’s leading “holistic wellness” platform.

Mr Tang told The Independent that a researcher had found a vulnerability in the app's security and contacted a US media site.

He added: “We immediately closed the potential vulnerability and have taken all appropriate action, including by notifying users and the ICO.

“The researcher has now confirmed to us that he did not copy or retain any data and that he did not pass anything to anyone else other than the journalist. That was the only access we are aware of. We would like to apologise to anyone potentially affected and continue to investigate this matter as a priority.”
