Contributed by: kellyseal on Friday, February 16 2018 @ 08:25 am

The next time you swipe right on a Tinder match when you’re sitting at a bar, consider that hackers might be taking notes.
MarketWatch reported that vulnerabilities were found in the popular app, exposing users to hackers. The vulnerability stems from Tinder not encrypting users’ photos. Instead of HTTPS, the app uses plain HTTP, an older, insecure protocol. This means that when you swipe, hackers can see not only profiles but also the actions you take: swiping, super-liking, and rejecting photos. Think of it as someone looking over your shoulder as you’re swiping.
Tech Times reported that users aren’t at risk of spies seeing their actions when they are swiping at home over a private Internet connection, but they are when using public WiFi networks.
The vulnerability was discovered by Tel Aviv security firm Checkmarx.
This potentially makes millions of users vulnerable to unknowingly sharing personal information. Not only could hackers see you swiping as you’re sipping coffee at the local Starbucks, but they are also able to add photos themselves, which means they could add spam and viruses to the user’s photo stream as well.
Tinder responded to the report by noting that its desktop and mobile web versions do have encrypted photos. However, most people swipe over the app version on their phones, and typically out in public when they are waiting in line, gathered with friends, or having a drink. This is where there’s cause for alarm.
Tinder also said they are working to address the security of their app and user photos, but cannot release information on exact security tools since that would potentially tip off hackers.
Another concern MarketWatch noted is that hackers could target high-profile users, or that users could be inundated with spam, or worse - blackmailed.
“Apart from listening to the traffic and viewing the images and actions, an attacker could also inject different images, commercials and potentially malicious code,” Amit Ashbel, a researcher at Checkmarx, told MarketWatch. “Tinder failed its users by passing people’s data over a non-SSL connection. In the modern age nothing should be passed over plain HTTP.”
"Like every other technology company, we are constantly improving our defenses in the battle against malicious hackers," said Tinder in a statement.
However, Checkmarx told Tech Times that it warned Tinder of the vulnerability months ago, but the app’s executives had not taken any action to fix it. So Checkmarx decided to release its findings to the public.