Tinder accounts were almost swiped right into the hands of hackers after researchers found they were able to log in to user accounts using just a phone number. While the vulnerability is now fixed, it’s obviously worrying that chat history and photos could have been exposed. IT security experts commented below.
Dr. Giovanni Vigna, CTO and Co-Founder at Lastline:
“This is a particularly worrying example of how social media can cause an issue, as the nature of the app means particularly sensitive or embarrassing data could have been exposed and leveraged by bad actors. For hackers, accessing social network credentials is not only an effective way to access personal data, but also to exploit the trust between users and the app to spread malware, and also expand the criminals’ foothold if users re-use credentials (e.g. passwords and secret questions) across other accounts. The impact of this type of flaw, although now fixed, would be significantly reduced had 2-factor authentication been used.”
Tim Helming, Director of Product Management at DomainTools:
“This is an example of the importance of strong, accurate authentication measures for all apps that hold potentially sensitive data. Tinder has millions of users worldwide, and the highly personal nature of any dating app means malicious actors gaining access to accounts could use social engineering tactics on unwitting app users, exploiting the wealth of personal information contained in the app. It’s encouraging that Tinder have now fixed the vulnerability in question, but the implementation of more stringent measures would have prevented this from happening in the first place.”