Security flaw in dating app Tinder gave out location of users, according to security firm

tinder

A security flaw in Tinder, which is a dating app, may have accidentally given out the exact location of its users.

The flaw according to Include Security. a consulting firm specializing in security, had been present for the majority of 2013. The firm wrote a blog post about it, and said that the flaw let any Tinder user, one with the requisite programming skills though, to find out another users latitude and longitude.

Tinder came out in 2012 and it is a relatively simple dating app. It uses your location to find those of the opposite sex nearby, showing you their picture, and if you like you swipe right. If that person does the same with your photo, there is a match, and you can then message the person.

Because of the proximity factor of this app, Tinder was sending out very accurate information about their user’s locations. Not only could that be used by someone who is more tech-savy to locate a user, but Include Security even managed to create their own app called TinderFinger, which could find a Tinder user just by putting in their id number.

There’s also no way of knowing if your own location has been compromised.

“Due to Tinder’s architecture, it is not possible for one Tinder user to know if another took advantage of this vulnerability during the time of exposure,” Erik Cabetas, who is Include Security’s founder, said via statement. “The repercussions of a vulnerability of this type were pervasive given Tinder’s massive global base of users.”

Since the security flaw was reported to Tinder by Include Security back in October of 2012, the flaw has been fixed, though this was only done in January of 2014.

[via Cnet]

Share this post

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

1 comment