Attackers could have used 3fun to create profiles of the users with both typical profile information and physical location data of its users, who are billed as kinky, open-minded people. This can be sensitive information that is used for harassment and persecution of LGBTQ+ individuals. Due to the multiple security vulnerabilities in the application, researchers were able to manipulate their session details to change data attributes and collect profile information of other registered users. This is where a layered security approach that establishes a trusted device profile is critical to providing a better consumer experience that validates the device and prevents attribute spoofing. The experience is frictionless to most consumers (as long as they don’t show signs of risk, there is no need for additional authentication) while it mitigates the risk organizations face, such as spoofed or manipulated device intelligence data. It’s important to foster inclusion and diversity in all environments – acceptance matters.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.