‘Just Take My Information’: Harvard Students Risk Leaks for Love on Datamatch

As Harvard students begin to complete Datamatch’s annual survey on Friday, memories of last year’s data leak may force them to contemplate more than just what their “Roman Empire” is.

Last February, the student-run matchmaking organization’s reputation was put through the wringer when participating students’ personal information was leaked online. Sungjoo Yoon ’27 created a website and uploaded students’ initials alongside their Rice Purity Scores — scraped from Datamatch.

According to Yoon, the site’s data security weaknesses remain. Still, many students said they were excited to use the service, unconcerned with data privacy.

“I’m looking for stories. For lore,” Linden A. McCarl ’28 said.

“Just take my information. It’s okay,” she added when asked if she was concerned about data protection.

Datamatch — which annually blasts a humorous multiple-choice survey to undergraduates looking for love and friendship — was founded at Harvard in 1994, and has since expanded nationally to schools like Princeton and Vanderbilt. Harvard students who register receive 10 platonic or romantic matches on Valentine’s Day, when they can begin going on dates entirely sponsored by Harvard Square businesses.

According to Datamatch co-president — or “Supreme Cupid” — Howard R. Huang ’26, the crux of the site’s data insecurity last year was Datamatch’s search function. Previously, participants could search other users to match directly with them — a feature that required students’ data to be public to users, making the data scrapeable, Huang said.

“It was pretty straightforward to scrape everyone’s data, essentially, if you wanted to,” he said. “There wasn’t really a way for us to effectively block it, because otherwise we’d have to disable the feature.”

The search function has been removed since last year, Huang said. To match with specific people, Datamatch participants can instead use the “crush roulette” function, which allows users to submit two emails and increase the probability that the algorithm matches them.

But Yoon said the removal of Datamatch’s search function “doesn’t do anything to change any of the structural vulnerabilities,” due to a lack of encryption.

Jackson Moody ’26, a member of Datamatch’s website team, wrote that the group has “looked extensively at our security following the exposure of last year’s vulnerabilities” in a statement to The Crimson.

Moody wrote that no vulnerabilities have been identified in Datamatch 2025.

“This year, we have reduced the amount of personally identifying information stored on our backend and performed rigorous testing to ensure that all data stored is secure,” he wrote.

Huang said the group has worked to better document its code base, in order to combat loss of institutional memory in the club’s student turnover.

But Yoon insisted that there are “plenty of vulnerabilities that are left.”

“They should be particularly careful about how they store user messages in their database and how easily those can be spoofed,” he said.

Moody said the Datamatch team has “addressed” the spoofing issue.

When asked if he planned to investigate Datamatch’s vulnerabilities again, Yoon said that he will “not publish anything this year.”

“I think I’ve made my point,” Yoon said. “I don’t plan on doing anything like what I did last year, but that doesn’t mean that they changed or fixed it.”

Though Yoon’s concerns linger, many Harvard students seemed unfazed by last year’s leak.

Kate O. Gilliam ’26, who plans to participate in Datamatch this year, said she is “not really that worried about the data getting accessed.”

“I just think nothing on there is that serious,” she said.

Isabela C. Gonzalez-Lawand ’26 — who has participated in Datamatch every year — was unperturbed by the breach.

“I didn’t really care,” Gonzalez-Lawand said. “I don’t read any terms and conditions for apps and stuff, so I feel like I was already giving my data out.”

But Gonzalez-Lawand said she did not plan on participating in this year’s Datamatch since she “gets the same three matches every year.”

Some students, like Silas Camp ’26, said they plan to exercise caution when using Datamatch after learning of last year’s leak.

“It won’t refrain me from using the website, but I definitely will be more cognizant of the information I put in,” he said. “I’m not personally worried, but I do understand why other people might be hesitant to use the resource.”

Claire S. Elliott ’26-’27, who plans to participate in this year’s Datamatch, said she isn’t troubled by the possibility of her data being released.

“What’s the worst that could happen?” she said.

—Staff writer Hiral M. Chavre can be reached at hiral.chavre@thecrimson.com. Follow her on X @h_chavre.

—Staff writer Darcy G Lin can be reached at darcy.lin@thecrimson.com.