Datamatch, a student-run online matchmaking platform, launched its annual friendship matching service for freshmen last week, seven months after private student data was leaked following the launch of their Valentine’s Day matchmaking service.
Meet28, the fifth iteration of Datamatch’s friendship matching program, asks participants from the Class of 2028 to fill out a survey of ten questions, before the organization’s algorithm pairs the user with ten potential matches from their class.
But concerns remain regarding the software’s security measures after data from the group’s Valentine’s Day survey was exposed on a website created by Harvard undergraduate Sungjoo Yoon ’27 in February. The website, titled “the data privacy project,” sought to bring awareness to potential security vulnerabilities within Datamatch’s system.
In response, the group said in March that they would “re-evaluate the design of our website and our security infrastructure.” But in a Tuesday interview, Yoon said there exists “some empirical evidence that they haven’t learned from last year.”
Specifically, Yoon pointed to the fact that Datamatch’s privacy policy has gone unchanged since February 2021.
“I think the reality is that the Datamatch team is just full of a lot of irresponsible people,” Yoon said.
Yoon said that typically, organizations update their privacy policy following data breaches to note remedial measures, adding that “previous iterations of Datamatch have adhered to that.”
The breach that Yoon exploited in February, he said, was already listed as a resolved security flaw by Datamatch in previous years.
“They actually point out the exact same flaw that I uncovered last year having happened in years prior, and they obviously just built on top of that,” he said. “They’ve done no work on their part — at least on the part of a privacy policy — to fundamentally change or recognize any of the issues that occurred last year.”
In a statement, Datamatch co-president Howard R. Huang ’26 wrote that the organization is “establishing new measures on our Web team which manages our database to teach new members proper data protection techniques.”
“We emailed all of the tens of thousands of affected users last year,” Huang wrote. “We don’t believe the events of last year should affect our privacy policy’s contents as we still have the same ideal we would like to achieve regarding privacy.”
Huang also wrote that Datamatch does not “have the resources of a company as we don’t make revenue directly off of our users” or an “in-house legal team to annually update all of our legal documentation.”
But Yoon questioned whether undergraduates should be trusted at all with projects like Datamatch.
“I would beg the question as to whether or not undergraduates should even be taking on projects like that when they don’t have the right types of resources to secure their databases,” he said.
Aadya R. Gujja ’28 said that despite potential security vulnerabilities, she will be participating in Meet28.
“It’s not that big of a deal because you’re not putting much private stuff on there,” Gujja said. “I don’t really care, personally.”
But other members of the freshman class who planned to participate in Meet28 were unaware of the previous data breach and said they desired more transparency from Datamatch.
“I feel like they definitely should add it, so people know what they’re getting into,” Meet28 participant Audrey Y. Sun ’28 said. “I think it’s a cool program but yeah, it makes me a little scared.”
“I don’t want any of my information to get stolen or hacked,” Saarah S. Hassan ’28 said. “Like, that’s just not my jam.”
—Staff writer Hiral M. Chavre can be reached at hiral.chavre@thecrimson.com.
—Staff writer Samuel A. Church can be reached at samuel.church@thecrimson.com. Follow him on X @samuelachurch.