An API bug in the popular dating site Bumble exposed users' personal information, including political leanings, astrological signs, education, and even height and weight, as well as their distance away in miles. The bug was found by Independent Security Evaluators researcher Sanjana Sarda, who was able to access personal information for the platform’s entire user base of nearly 100 million.
Expert Comments
APIs are an integral part of almost every application today. They enable integration with other systems, communication with databases and provide an interface for configuration of the application. As such, they should be frequently tested in detail. As we see here, the API provides access to the data the application uses.
The security researcher managed to bypass Bumble’s protections and accessed premium features, granting her access to Bumble’s users and personal user data. This security.....
This is an issue that will continue to explode, thanks to the popular use of APIs among developers. This makes it easier for the bad actors of the world to benefit from the reuse of code to exploit programming flaws and other human errors, such as misconfigured access control and authentication processes.
API developers should be ready to accept the burden of ensuring their APIs are as free as possible from flaws that allow outsiders to take advantage of exploits like the Bumble exploit.
@Paul Bischoff, Privacy Advocate, provides expert commentary for "dot your expert comments" at @Information Security Buzz.
"Dating app users tend to publicly share far more information about themselves than they would on a typical social media app...."