Expert Comments

Privacy Experts On API Bug On Dating Site Bumble Exposed Personal Information Of 100M Users

Expert(s):
Expert(s):

An API bug in popular dating sites Bumble exposed personal information of users which includes like political leanings, astrological signs, education, and even height and weight, and their distance away in miles. The bug is found by an independent Security Evaluators researcher Sanjana Sarda and she can able to access personal information for the platform’s entire user base of nearly 100 million.

Experts Comments

Dot Your Expert Comments
Paul Bischoff
November 18, 2020
Privacy Advocate
Comparitech

Dating app users tend to publicly share far more information about themselves than they would on a typical social media app.
The vulnerabilities that Sarda found in Bumble could open users up to harassment, stalking, fraud, and other dangers. An attacker could triangulate a user's location and filter searches of the entire Bumble database by distance, interests, the type of people they are interested in, education, online status, height, and pretty much any other personal detail that a user enters into the app. Dating app users tend to publicly share far more information about themselves than they would on a typical.....Read More
The vulnerabilities that Sarda found in Bumble could open users up to harassment, stalking, fraud, and other dangers. An attacker could triangulate a user's location and filter searches of the entire Bumble database by distance, interests, the type of people they are interested in, education, online status, height, and pretty much any other personal detail that a user enters into the app. Dating app users tend to publicly share far more information about themselves than they would on a typical social media app, so trust is key. Dating apps that want to retain users need to ensure their data is safe and private. Bumble was thankfully on HackerOne, so the vulnerabilities were probably discovered by Sarda before any malicious parties, but the company took far too long to respond and remediate the issues.  Read Less
Boris Cipot
November 18, 2020
Senior Sales Engineer
Synopsys

APIs are an integral part of almost every application today.
APIs are an integral part of almost every application today. They enable integration with other systems, communication with databases and provide an interface for configuration of the application. As such, they should be frequently tested in detail. As we see here, the API provides access to the data the application uses. The security researcher managed to bypass Bumble’s protections and accessed premium features, granting her access to Bumble’s users and personal user data. This security.....Read More
APIs are an integral part of almost every application today. They enable integration with other systems, communication with databases and provide an interface for configuration of the application. As such, they should be frequently tested in detail. As we see here, the API provides access to the data the application uses. The security researcher managed to bypass Bumble’s protections and accessed premium features, granting her access to Bumble’s users and personal user data. This security defect could not only have a negative impact on Bumble’s business, but could also affect its reputation and the confidence its users have in trusting the service with their personal data if it were leveraged by a malicious hacker. Thankfully an ethical hacker identified the issue and disclosed it responsibly to Bumble.  Read Less
Chris Hauk
November 18, 2020
Consumer Privacy Champion
Pixel Privacy

API developers should be ready to accept the burden of ensuring their APIs are as free as possible.
This is an issue that will continue to explode, thanks to the popular use of APIs among developers. This makes it easier for the bad actors of the world to benefit from the reuse of code to exploit programming flaws and other human errors, such as misconfigured access control and authentication processes. API developers should be ready to accept the burden of ensuring their APIs are as free as possible from flaws that allow outsiders to take advantage of exploits like the Bumble exploit.

Dot Your Expert Comments


Only for registered and approved experts. Please register before providing comments. Register here
* By using this form you agree with the storage and handling of your data by this web site.
Submit
0
FacebookTwitterLinkedinWhatsappEmail

You may also like

IoT Security In The Spotlight, As Research Highlights Alexa Security...

Oxfam Australia Confirms ‘Supporter’ Data Accessed In Cyber Attack

Expert Reaction On Solarwinds Blames Intern For Weak Passwords

Expert Reaction On Go Is Becoming The Language Of Choice...

Experts On Google Voice Outage

Expert Reaction On GCHQ To Use AI In Cyberwarfare

Comment: Hackers Break Into ‘Biochemical Systems’ At Oxford Uni Lab...

Expert Reaction On Private Data Leaked From Far-right Platform Gab

Hackers Break Into ‘Biochemical Systems’ At Oxford Uni Lab Studying...

NPower Shutsdown App After Hackers Steal Customer Bank Info