- People are mad about ‘Ghostbusters’ again 5 Years Ago
- The community that made Cyntoia Brown’s clemency possible 5 Years Ago
- What does ‘deadass’ mean, and where did it come from? 5 Years Ago
- How to watch ‘Riverdale’ online for free Today 5:30 AM
- Discord allegedly used to lure teenager boy to Florida trailer housing sex slave Tuesday 7:36 PM
- Millie Bobby Brown has the wrong take on ‘You’ Tuesday 6:42 PM
- Why is Tony Stark missing from the ‘Spider-Man: Far From Home’ trailer? Tuesday 6:00 PM
- The creepy texts this woman received are eerily similar to Netflix’s ‘You’ Tuesday 4:20 PM
- Roku defends decision to host InfoWars amid online backlash (updated) Tuesday 4:04 PM
- Pump yourself up for ‘Game of Thrones’ season 8 with this masterfully edited hype video Tuesday 2:35 PM
- NBC asked reporters not to call Steve King’s comments ‘racist’ Tuesday 2:21 PM
- Disney files copyright claim on YouTuber’s Darth Vader film—and the creator is devastated Tuesday 2:18 PM
- The ’10 Year Challenge’ isn’t as fun for trans people Tuesday 1:25 PM
- New Nike shoes can be controlled from your smartphone Tuesday 1:06 PM
- Cardi B. jumps on 10-year challenge with high school performance of Lady Gaga song Tuesday 12:28 PM
How to hack Tinder and get a date with someone who doesn’t even like you
Feeling ignored by a crush? Just hack your way into their heart.
A hookup app like Tinder already feels a bit seedy, based as it is on superficial, semi-anonymous snap judgements. So the one real safety net—no user can contact another without both parties expressing an interest—is a critical piece of the privacy puzzle.
Only what if that mechanism were less secure than we thought? Web developer Shaked Klein Orbach wanted to try Tinder but was skeptical of how it would handle his data, particularly as it had accidentally revealed users’ physical locations and Facebook details earlier this year. Using something called a man-in-the-middle proxy, Orbach discovered that the app stores Facebook ID numbers, which to a certain degree makes sense.
It’s what you can do with the Facebook ID, and Tinder’s flawed application programming interface (API), that’s more startling: cheat the system itself. When a match is made, a PUT request, authorization headers, and certain parameters are generated. By plugging the appropriate Facebook ID codes into those parameters, you can fake a match between any two users and automatically open a channel of communication between them with Tinder’s default match alert—4 million of which are issued daily—even if each has rejected the other.
It may not be Love Potion No. 9, but that sort of glitch could certainly leave a customer open to forms of stalking and harassment that Tinder theoretically guards against. Quartz reported on Orbach’s investigation and eventually obtained a statement from Tinder CEO Sean Rad, who said, basically, “we got this.”
We want to thank Mr. Orbach for pointing out a way to create a match with another user through manipulating certain API calls. This issue is now resolved and to our knowledge no one was affected outside of Mr. Orbach’s test. We are committed to taking all necessary steps to ensure the privacy of our users and we appreciate the help and support of great engineers like Mr. Orbach.
It’s lucky for Orbach, anyway, that Tinder saw the merit in his work. Most companies would treat a hacker who demonstrated system vulnerabilities as a dire threat in their own right. (We’re looking at you, Apple.)
Miles Klee is a novelist and web culture reporter. The former editor of the Daily Dot’s Unclick section, Klee’s essays, satire, and fiction have appeared in Lapham’s Quarterly, Vanity Fair, 3:AM, Salon, the Awl, the New York Observer, the Millions, and the Village Voice. He's the author of two odd books of fiction, 'Ivyland' and 'True False.'