Tinder Fails For Months To Inform Public Of Security Flaw That Reveals Users’ Exact Location

The fun part about popular dating app Tinder is that you can effectively move through a virtual world of potential dates and mates, all from the safety of your own real world location. Except that a new report from security researchers says a flaw in the app exposed users’ exact locations for months — with mileage specific down to 15 decimal places — and that Tinder never told the public about it.


The flaw is now being aired by a security company known as a “white-hat” hacking group, which hunts down problematic code on popular sites, apps and software and then gives companies a chance to fix the issues before going public with them, reports BusinessWeek.


Include Security says it first alerted Tinder to the flaw — which had servers spewing out detailed information that could allow a hacker with any kind of skills to pinpoint someone within 100 feet — all the way back on Oct. 23, 2013. Tinder didn’t issue a peep about it in any meaningful way until Dec. 2, Include says, which is when a Tinder employee asked for more time to fix the problem. The hole was finally patched sometime before Jan. 1, 2014.


With such a breach wide open for anywhere between 40 and 165 days, one might think Tinder would have something to say to its users. Instead, Chief Executive Officer Sean Rad has stayed mum on the issue, and was less than helpful, says the researcher who identified the flaw.


“I wouldn’t say they were extremely cooperative,” he says of the patchy correspondence with Rad and Tinder.


You might recall a similar episode back in July, when the app revealed users’ exact latitude and longitude for at least two weeks, a time span Rad called “a few hours” back then.


We’ve reached out to Tinder for comment on the situation and will let you know if we hear back. In the meantime, it sounds like users’ locations are secure, that is, unless there’s something else going on that Tinder will decide not to alert the public about in a timely manner.


Otherwise there will likely be plenty of users swiping Tinder itself to the left, and into the “NOPE” bin.


“We want technology companies to remember that as they’re moving a million miles an hour to innovate, they need to consider security and privacy as part of the value proposition they’re selling their customers,” the Include Security researcher adds. “Consumers tend to avoid use of applications, cloud services, or websites that severely encroach on their privacy.”


New Tinder Security Flaw Exposed Users’ Exact Locations for Months [BusinessWeek]




by Mary Beth Quirk via Consumerist
