Group Dating App 3fun Exposed Sensitive Data On 1.5 Million Users

Attackers could have used 3fun to create profiles of the users with both typical profile information and physical location data of its users who are billed as kinky, open-minded people. This can be sensitive information that is used for harassment and persecution of LGBTQ+ individuals. Due to the multiple security vulnerabilities in the application, researchers were able to manipulate their session details to change data attributes and collect profile information of other registered users. This is where a layered security approach that establishes a trusted device profile is critical to providing a better consumer experience that validates the device and prevents attribute spoofing. The experience is frictionless to most consumers (as long as they don’t show signs of risk, there is no need for additional authentication) while it mitigates the risk organizations face such as spoofed or manipulated device intelligence data. It’s important to foster inclusion and diversity in all environments – acceptance matters.

Justin Fox, Director of DevOps Engineering
InfoSec Expert
August 9, 2019 3:33 pm
