- Workers claim Google made spy tool to prevent them from organizing Wednesday 8:13 PM
- Hailey Bieber denies shading Selena Gomez with ‘I’ll Kill You’ Instagram post Wednesday 7:46 PM
- Trump signed an ego tweet sheet for Tomi Lahren–and it features conspiracy theorists Wednesday 6:59 PM
- Attorneys say ICE deleted evidence pertaining to transgender asylum seeker’s death Wednesday 6:24 PM
- Everything you need to know about VSCO filter codes Wednesday 6:17 PM
- Are users prepared to pay for Gmail storage space? Wednesday 6:09 PM
- Facebook pledges $1 billion to fight housing crisis it helped create Wednesday 5:16 PM
- Lizzo officially credits ‘DNA test’ tweet writer on ‘Truth Hurts’ Wednesday 4:50 PM
- Pornhub takes down videos secretly filmed in a college women’s locker room Wednesday 4:15 PM
- Google Maps on iPhone now shows you speed traps Wednesday 3:47 PM
- Here’s why you’re seeing ‘rise and shine’ all over social media Wednesday 3:45 PM
- AOC grills Zuckerberg over false political ads on Facebook Wednesday 3:27 PM
- Fox News promotes pro-faith, anti-antifa film ‘The Reliant’ Wednesday 3:17 PM
- Cardi B to star in ‘Fast & Furious 9’ Wednesday 3:12 PM
- AOC on opening her DMs: ‘By this morning, it was trash’ Wednesday 2:26 PM
A Tinder security flaw exposed users’ locations for at least a month
This isn’t the first time the app has inadvertently revealed user data.
You know how pundits like to clutch their pearls and moan about the dangers of Tinder, and how hookup apps are leading to the degradation of modern courtship as we know it? Well, it turns out they might’ve been right about Tinder being dangerous, though not for the reason they’d expect.
Internet security researchers have revealed that between October and December of last year, a security flaw in the app inadvertently revealed Tinder user locations within 100 feet, so anyone with “rudimentary” hacking skills could’ve tracked them down. And not only did Tinder not inform their user base of the security flaw, they ignored it for at least a month, the researchers say.
Although Tinder is supposed to reveal users’ locations to the nearest mile, last October researchers at Include Security in New York discovered that the app was actually exposing user distance to 15 decimal places, so someone could potentially identify a user’s location within 100 feet of where they actually were. Meaning if someone really wanted to, they could potentially track you down… like, to your house. Which is a place you maybe still live.
The security flaw obviously has terrifying implications for Tinder users, not to mention for the company itself, who would’ve presumably been held liable if someone had stalked or harassed a user through the app. Yet when Include Security head Erik Cabetas informed Tinder of the flaw on Oct. 23, the company failed to respond until Dec. 2, when they informed Cabetas they needed more time to work on the bug.
Cabetas says Tinder finally fixed the bug sometime around Jan. 1, and that it was related to a previous security vulnerability that emerged sometime around Jul. 2013. He posted a timeline of his team’s (largely one-sided) communications with Tinder on the Include Security blog. “I wouldn’t say they were extremely cooperative,” he says of the company (Tinder has not yet commented on the security flaw).
As BusinessInsider points out, this is not the first time Tinder has been exposed for violating its users’ security: as recently as last July, a Quartz investigation pointed out that a simple hack could yield a user’s latitude and longitude.
In the same vein, Cabetas says this particular security flaw only required “rudimentary Web coding skills” to take advantage of: “This is not a very advanced exploitation scenario,” he says. So while everything in Tinderland seems to be copacetic for now, the implications of the latest vulnerability—and the company’s demonstrated lack of regard for the safety and security of their user base—are somewhat chilling, to say the least.
H/T Business Insider | Screengrab via Tinder
EJ Dickson is a writer and editor who primarily covers sex, dating, and relationships, with a special focus on the intersection of intimacy and technology. She served as the Daily Dot’s IRL editor from January 2014 to July 2015. Her work has since appeared in the New York Times, Rolling Stone, Mic, Bustle, Romper, and Men’s Health.