Tinder dating app bug exposed millions of geolocations, and the company kept quiet about it

  • 19 February 2014
  • 4 replies
  • 1248 views

Userlevel 7
Badge +54
Online dating app Tinder for most of last year suffered a bug that would have allowed hackers to determine the exact location of its users.

Disclosed on Wednesday by information security firm Include Security, the company said the popular geolocation-based app, used often for finding dating matches and random hookups (hello, elephant in the room), put users at risk as a result of the security vulnerability.

If the app was running, the company said, anyone with knowledge could "get the exact latitude and longitude co-ordinates for any Tinder user."

The app is simple. You can see people within your close geographical location and "like" or "nope" them. If two people "like" each other, they can chat on their mobile devices.

Describing this as a "privacy violation" for the users of the popular app that's available for both Android and iOS devices, the company confirmed that "anyone with rudimentary programming skills could query the Tinder API directly and pull down the co-ordinates of any user."

From the API data, it was possible to triangulate the exact location of a user with a "very high degree of accuracy," specifically within 100 feet from the company's experiments.

In an FAQ on its disclosure blog post, the research firm warned that these flaws can be "common place in the mobile app space."
 
Full Article

4 replies

Userlevel 7
Badge +56
I guess that's good news if you are a hitman 🙂
**bleep** now the flower shops are going to run out of Yellow Chrysanthemum
Userlevel 7
Badge +56
@ wrote:
**bleep** now the flower shops are going to run out of Yellow Chrysanthemum
For those who don't get the reference, apparently Russian mobsters are in the habit of deliverying yellow chrysanthemums as part of their hits.  
Userlevel 7
Badge +54
"I guess that's good news if you are a hitman"
 
 
Actually Nic, that is just what I thought as well 😃

Reply