- People are using #WheresLindsey to criticize Graham over Trump ‘lynching’ defense Tuesday 8:22 PM
- 2 Proud Boys sentenced to 4 years in prison for attacking antifa protesters Tuesday 7:20 PM
- Paul Joseph Watson is very upset by bartender serving beer with her butt Tuesday 6:24 PM
- Twitter developing a policy to combat deepfakes Tuesday 5:28 PM
- The Nate Diaz vs. Jorge Masvidal bout at UFC 244 is perfect for NYC and its fight mecca Tuesday 5:27 PM
- Alexis Bledel named most dangerous online celebrity Tuesday 5:02 PM
- Kylie Jenner trademarks ‘rise and shine’ after meme success Tuesday 4:50 PM
- ‘Watchmen’ website expands what you know about its alt-history Tuesday 4:31 PM
- Smoke ’em, pass ’em Week 8: Mark Walton szn Tuesday 4:26 PM
- Venmo’s first-ever credit card to launch in 2020 Tuesday 3:46 PM
- Wet Kylo Ren may turn everyone to the dark side Tuesday 3:15 PM
- Man allegedly targeted trans women on dating app, robbed them at knifepoint Tuesday 3:02 PM
- Researchers expose how Amazon Echo and Google Home can steal passwords Tuesday 2:47 PM
- Facebook removing Instagram Story filters that mimic plastic surgery Tuesday 2:16 PM
- Mom solves ‘ghost baby’ image mystery after viral post Tuesday 1:23 PM
Security researchers discovered that four popular dating apps have been leaking the exact locations of their users.
Grindr, Romeo, Recon, and 3fun, according to security company Pen Test Partners, were potentially putting the location data of as many as 10 million users at risk.
The security firm says it was able to create a tool that allowed them to enter any location and quickly learn exactly where users of the four apps were located.
“By supplying spoofed locations (latitude and longitude) it is possible to retrieve the distances to these profiles from multiple points, and then triangulate or trilaterate the data to return the precise location of that person,” a blog post from the firm explained.
The company goes on to add that individual users can even be tracked “in near real-time” by simply knowing their usernames.
“Asides from exposing yourself to stalkers, exes, and crime, de-anonymizing individuals can lead to serious ramifications,” the blog post says.
The discovery is especially worrying given that some of the apps cater specifically to members of the LGBT+ community. Pen Test Partners says it was able to locate users in countries such as Saudi Arabia, which “still carries the death penalty for being LGBT+.”
“It is difficult for users of these apps to know how their data is being handled and whether they could be outed by using them,” the company writes. “App makers must do more to inform their users and give them the ability to control how their location is stored and viewed.”
After contacting the companies behind the apps, Pen Test Partners says it received a degree of different responses.
The company behind the Romeo app pointed to a feature that allows users to not use their exact location, but the security firm says the option is not enabled by default and is buried in the app’s settings.
3Fun stated that it would “fix the problems as soon as possible” after being made aware.
Recon likewise stated that it would fix the issue and is believed to have done so within the last few days.
Grindr, on the other hand, did not respond to the incident.
Pen Test Partners says it hopes its discovery will allow users to become more aware of how vulnerable their private information is once it’s handed over to dating apps.
- Startup secretly collected millions of Instagram users’ location data, stories
- Twitter bug shared some user’s location data without their consent
- New Google feature will let users auto-delete location data
H/T Threat Post
Mikael Thalen is a tech and security reporter based in Seattle, covering social media, data breaches, hackers, and more.