- The Amazon rainforest is on fire–and people are using memes to cope 1 Week Ago
- Microsoft contractors listened in on Xbox users Today 2:15 PM
- Anti-vaxxer assaults pro-vaccine lawmaker on Facebook Live (updated) Today 2:15 PM
- Oreos licked by singer Lewis Capaldi are being auctioned off on eBay Today 1:54 PM
- Zach Braff predicted Sean Spicer would be on ‘Dancing With the Stars’ 2 years ago Today 1:38 PM
- NYPD sergeant who watched Eric Garner die punished with lost vacation days Today 1:27 PM
- Brie Larson haters have a meltdown over a joke about Thor’s hammer Today 1:26 PM
- This comedian attempted to make fun of women on Twitter—and it did not go over well Today 1:04 PM
- Logan Paul wants to help the Amazon rainforest Today 12:36 PM
- Nutaku announces redesign and filters for LGBTQ porn games Today 12:25 PM
- This video of dozens of inflatable mattresses taking off in the wind is perfect Today 12:20 PM
- Reddit mods restore Tiananmen Square image after censorship claims Today 12:18 PM
- Billie Eilish parody takes dad jokes to a whole new level Today 11:52 AM
- How to stream Eagles vs. Ravens in NFL preseason action Today 11:26 AM
- How to create your very own Instagram hoax Today 11:15 AM
Security researchers discovered that four popular dating apps have been leaking the exact locations of their users.
Grindr, Romeo, Recon, and 3fun, according to security company Pen Test Partners, were potentially putting the location data of as many as 10 million users at risk.
The security firm says it was able to create a tool that allowed them to enter any location and quickly learn exactly where users of the four apps were located.
“By supplying spoofed locations (latitude and longitude) it is possible to retrieve the distances to these profiles from multiple points, and then triangulate or trilaterate the data to return the precise location of that person,” a blog post from the firm explained.
The company goes on to add that individual users can even be tracked “in near real-time” by simply knowing their usernames.
“Asides from exposing yourself to stalkers, exes, and crime, de-anonymizing individuals can lead to serious ramifications,” the blog post says.
The discovery is especially worrying given that some of the apps cater specifically to members of the LGBT+ community. Pen Test Partners says it was able to locate users in countries such as Saudi Arabia, which “still carries the death penalty for being LGBT+.”
“It is difficult for users of these apps to know how their data is being handled and whether they could be outed by using them,” the company writes. “App makers must do more to inform their users and give them the ability to control how their location is stored and viewed.”
After contacting the companies behind the apps, Pen Test Partners says it received a degree of different responses.
The company behind the Romeo app pointed to a feature that allows users to not use their exact location, but the security firm says the option is not enabled by default and is buried in the app’s settings.
3Fun stated that it would “fix the problems as soon as possible” after being made aware.
Recon likewise stated that it would fix the issue and is believed to have done so within the last few days.
Grindr, on the other hand, did not respond to the incident.
Pen Test Partners says it hopes its discovery will allow users to become more aware of how vulnerable their private information is once it’s handed over to dating apps.
- Startup secretly collected millions of Instagram users’ location data, stories
- Twitter bug shared some user’s location data without their consent
- New Google feature will let users auto-delete location data
H/T Threat Post
Mikael Thalen is a tech and security reporter based in Seattle, covering social media, data breaches, hackers, and more.