Boston/ Science, Tech & Medicine
AI Assisted Icon
Published on February 26, 2024
Harvard Student Exposes Datamatch Security Flaws, Revealing Private Rice Purity ScoresSource: Instagram/datamatch

A Harvard undergrad named Sungjoo Yoon, operating under the pseudonym "bernie marx", has shed light on a significant security flaw in Datamatch, the matchmaking service popular across colleges. The student exposed the private Rice Purity Test scores of freshmen, which are often meant for personal reflection rather than public scrutiny, stirring up a dialogue about the sanctity of student data privacy, as reported by The Crimson.

Probing into the underbelly of data security, Yoon unveiled that the test scores and students' initials were displayed on "the data privacy project", a website he created last Sunday. Appearing to serve as a wakeup call to his peers about the risks of their informational footprint online, Yoon claimed that the disclosed information constituted less than a minute fraction of the accessible private data. He defended his actions, asserting the anonymized data posed no harm to individuals, and the material will be purged after one week.

Many students were quick to take their qualms and quips about the impromptu data leak to Sidechat, the social media platform where Harvard undergraduates maintained their anonymity. A spectrum of reactions came about, with some grappling with concerns over the fate of their data privacy, while a handful found humor in the situation.

Allegations made by Yoon indicate that Datamatch had fallen short in safeguarding its user data, with claims that sensitive information, such as the Rice Purity scores, gender identities, and campus locations could be called up with ease. Yoon, delving into the crux of the matter, stated that the matchmaking service's algorithm also carried an unintentional bias against ethnic names, failing to accommodate diacritics, "anyone with 10 seconds can thus pull this sensitive/vulnerable user data from their personal device" Yoon wrote on the website, as per The Crimson.

Datamatch's leadership, represented by co-president Nadine Han, confirmed that action was underway to investigate the matter. Han's reassurance to users was that all profiles had been locked down. "We can guarantee that all profiles have been locked since approximately 9:30pm so that users can only view their information and no one else can," Han explained in an emailed statement obtained by The Crimson.

Amidst the unfolding of these events, Yoon, articulating his concerns through his platform, issued a statement that cautioned the student body on the broader implications of the data economy, warning of invasive governmental and corporate practices. In a blunt appeal for a heightened collective consciousness surrounding data privacy, Yoon lamented the casualness with which personal information was surrendered, leveraging the published Rice Purity Scores to captivate attention while minimizing potential harm.

Boston-Science, Tech & Medicine