- James Charles receives backlash over ‘racist’ imitation of Latinx TikTok character, Rosa Tuesday 7:06 PM
- Video shows people harassing elderly Asian man while he collects cans Tuesday 6:23 PM
- Bob Iger steps down as Disney CEO, prompting conspiracy theories Tuesday 5:53 PM
- Bhad Bhabie threatens to kill Skai Jackson amid feud involving their moms Tuesday 4:51 PM
- Body camera shows officer boasting about arresting a 6-year-old Tuesday 3:58 PM
- Singer Duffy opens up about the rape, captivity that led her to stop singing Tuesday 3:51 PM
- Cynthia Nixon embodies feminist rage in viral video Tuesday 3:30 PM
- Samsung factory shuts down amid confirmed coronavirus case Tuesday 3:08 PM
- Bebe Rexha says she won’t be ‘imprisoned’ by bipolar disorder Tuesday 2:33 PM
- The ‘your music saved me’ meme celebrates the wackiest influences of our time Tuesday 2:20 PM
- This guy slapped his mom’s boobs for a TikTok and, honestly, it’s exhausting (updated) Tuesday 12:37 PM
- Jif peanut butter and Giphy have joined forces on how to pronounce ‘GIF’ Tuesday 12:19 PM
- This dad threw a 1-year HRT party for his trans son and the internet can’t get enough of it Tuesday 11:44 AM
- This petition wants Pornhub to be shut down for good Tuesday 11:03 AM
- Pete Buttigieg’s speech voice is suspiciously like Obama’s Tuesday 10:56 AM
Security researchers discovered that four popular dating apps have been leaking the exact locations of their users.
Grindr, Romeo, Recon, and 3fun, according to security company Pen Test Partners, were potentially putting the location data of as many as 10 million users at risk.
The security firm says it was able to create a tool that allowed them to enter any location and quickly learn exactly where users of the four apps were located.
“By supplying spoofed locations (latitude and longitude) it is possible to retrieve the distances to these profiles from multiple points, and then triangulate or trilaterate the data to return the precise location of that person,” a blog post from the firm explained.
The company goes on to add that individual users can even be tracked “in near real-time” by simply knowing their usernames.
“Asides from exposing yourself to stalkers, exes, and crime, de-anonymizing individuals can lead to serious ramifications,” the blog post says.
The discovery is especially worrying given that some of the apps cater specifically to members of the LGBT+ community. Pen Test Partners says it was able to locate users in countries such as Saudi Arabia, which “still carries the death penalty for being LGBT+.”
“It is difficult for users of these apps to know how their data is being handled and whether they could be outed by using them,” the company writes. “App makers must do more to inform their users and give them the ability to control how their location is stored and viewed.”
After contacting the companies behind the apps, Pen Test Partners says it received a degree of different responses.
The company behind the Romeo app pointed to a feature that allows users to not use their exact location, but the security firm says the option is not enabled by default and is buried in the app’s settings.
3Fun stated that it would “fix the problems as soon as possible” after being made aware.
Recon likewise stated that it would fix the issue and is believed to have done so within the last few days.
Grindr, on the other hand, did not respond to the incident.
Pen Test Partners says it hopes its discovery will allow users to become more aware of how vulnerable their private information is once it’s handed over to dating apps.
- Startup secretly collected millions of Instagram users’ location data, stories
- Twitter bug shared some user’s location data without their consent
- New Google feature will let users auto-delete location data
H/T Threat Post
Mikael Thalen is a tech and security reporter based in Seattle, covering social media, data breaches, hackers, and more.