Tinder accounts were almost swiped right into the hands of hackers after researchers found they were able to log in to user accounts using just a phone number. While the vulnerability is now fixed, it’s obviously worrying that chat history and photos could have been exposed. IT security experts commented below.
Dr. Giovanni Vigna, CTO and Co-Founder at Lastline:
“This is a particularly worrying example of how social media can cause an issue, as the nature of the app means particularly sensitive or embarrassing data could have been exposed and leveraged by bad actors. For hackers, accessing social network credentials is not only an effective way to access personal data, but also to exploit the trust between users and the app to spread malware, and also expand the criminals’ foothold if users re-use credentials (e.g. passwords and secret questions) across other accounts. The impact of this type of flaw, although now fixed, would be significantly reduced had 2-factor authentication been used.”
Tim Helming, Director of Product Management at DomainTools:
“This is an example of the importance of strong, accurate authentication measures for all apps that hold potentially sensitive data. Tinder has millions of users worldwide, and the highly personal nature of any dating app means malicious actors gaining access to accounts could use social engineering tactics on unwitting app users, exploiting the wealth of personal information contained in the app. It’s encouraging that Tinder have now fixed the vulnerability in question, but the implementation of more stringent measures would have prevented this from happening in the first place.”