Flaw's been around since July

Whoops: Tinder security flaw gave everyone easy access to your location




tinder-logo

Well, whoops. Let’s hope you aren’t paranoid if you are, or have been in the last year, a Tinder user. According to a new report by security firm IncludeSec, Tinder has left a security flaw open for the greater part of a year that gave hackers super easy access to your smartphone’s location services remotely. While the attack, which is reportedly now patched, required that attackers had already intercepted your Tinder identifier number, such information would have been child’s play to obtain for anyone on the same network with a simple packet sniffer.

The flaw has been around since July, and was only recently patched last month on January 1st – however Tinder reportedly refused to communicate with IncludeSec, who reported the issue to the social networking service that’s disturbingly similar to “hot or not” services that have been around the net for forever.

The lesson here? Never trust an application that requires access to your phone’s location services unless you’re absolutely sure that the development team is able to find and fix these sort of flaws in short notice. Such a security flaw could have easily put you, and any other Tinder user, in danger if the data was put in the wrong hands.

Via: The Verge
Source: IncludeSec