Safety

Scammers stole more than $1.4 million from users of popular dating apps like Tinder, Grindr and Bumble, among others. Dubbed “CryptoRom” by cybersecurity research firm Sophos, the attackers feigned romantic interest with victims to build trust, and then lured them into downloading fake cryptocurrency apps.

According to reports, these scammers used Apple’s Enterprise Development platform to push the fake cryptocurrency apps, which gave the victims a sense that they were legitimate, but in reality, this allowed scammers to bypass the normal app review process. 

The CryptoRom attackers set up fake profiles on dating apps and strike up conversations with users, later moving them to messaging apps. After a time, the subject of cryptocurrency is introduced into the conversation, and the scammer asks the victim to install the fake crypto trading app to make an investment. At first, the victim makes money and is allowed to withdraw from their account, providing a false sense of security. Soon after, they are asked to make a more substantial contribution, and if they do, the scammers not only refuse their withdrawal requests, but blackmail them to invest more and take the money they already paid if they refuse.

Tinder has partnered with ride sharing company Lyft to let users purchase rides for their dates, encouraging people to meet for dates after more than a year of lockdown restrictions from Covid-19.

The new feature can be found in the company’s Explore section of the app, where a user can buy a ride credit for a person they have matched with, according to The Verge. While the person buying the ride credit can set the meeting location, time, and how much they want to spend, they won’t be able to see their match’s address or other personal information. 

If you are the recipient of a rideshare gift, you have the option to turn it down. When someone has purchased a Lyft ride for a match, the match is sent a link via a phone number or email address, and it is up to that recipient to accept or reject the ride. The Verge points out that while this is a good step in enacting some safety precautions for users and giving them some control, there should also be a way to opt out of the feature altogether. (Currently, there’s not.) 

Tinder India has created and released a new film for its users about consent and what it looks like in modern-day dating culture. The purpose of the new film Closure is to spark conversation among daters and to help them create healthy boundaries. 

According to Business Insider India, the film centers around a young woman named Ria and her estranged ex-boyfriend Ved. The film starts with the two of them meeting on a beach and flashes forward through their budding romantic relationship. Then the movie cuts to a disturbed Ria and confused Ved sitting across from each other after some time has passed, having a difficult conversation about what drove them apart. We soon learn that Ved didn’t ask for her consent on their last night together. “You didn’t say no,” he insists, where Ria says “but I also didn’t say yes. I wish for once, you had asked.”

Ved later asked if she was seeing anyone, and it flashes to her budding new relationship with a man who does the things she longed for Ved to do – he asks permission before he kisses her or holds her hand. She also exercises more power in this new relationship by voicing what she wants, something she realizes she didn’t do while she was dating Ved. She has moved onto a happier, healthier relationship. 

The FTC in mid-September issued a statement urging people using LGBTQ+ dating apps to be cautious amid the growing number of scammers who operate on these apps.

Apps like Grindr and Feeld were named in particular as the FTC warned of an increasing number of scammers who seek explicit photos and then use them to extort money. According to Consumer Reports, the attackers pose as interested romantic partners and chat with intended victims. These scammers send explicit photos quickly, seeing who responds with a similar photo in return.

The next part plays out like an episode of Black Mirror, where if the victim does send an explicit photo in hopes of connecting in person, the attacker quickly turns on them and uses blackmail to extort money. The attackers threaten to send the photo to the victim’s personal networks, including family and friends or even an employer unless they pay (usually via gift card). 

Match Group and Bumble CEOs

The CEOs of dating companies Match Group and Bumble have created relief funds for people in Texas affected by the new abortion ban.

The new law, also known as SB8, prevents women from having abortions after six weeks, long before most women know they are pregnant and effectively banning them altogether. In addition, citizens have been empowered and incentivized to bring civil lawsuits against anyone involved in assisting a woman getting an abortion, including doctors, family members, and even rideshare drivers. As a result, the female CEOs of two dating companies based in Texas – Match Group and Bumble – are fighting back on behalf of women by setting up funds to help people receive care out of state.

According to CNBC, Match Group’s CEO Shar Dubey announced that she will personally finance and help the company’s Texas-based employees receive out of state care if they need it. Bumble’s Whitney Wolfe Herd announced the company will create a fund for people in Texas who need access to care and send the money to organizations that support reproductive rights. 

Dating app Bumble’s platform was found to have a security vulnerability capable of leaking the exact locations of its users, putting them at risk of potential attackers.

The researcher who discovered the security flaw created two fake profiles, one for the “attacker” and one for the “victim,” to check vulnerabilities in the app’s API. He was able to bypass signature checks for API requests, which meant he got around Bumble’s paywall to execute the attack.

His test revealed the exact location and the distance of the fake victim from the fake attacker through a process of trilateration, according to security trade magazine The Daily Swig. In other words, he figured out how the app calculated and matched approximate user locations by rounding down the exact distance they are from each other.