Popular dating app Tinder has had further security issues exposed regarding access to users’ personal information.
Tinder lets users “like” or “skip” profiles by swiping and if both users “like” each other, they are connected.
However Shaked Klein Orbach, a developer in the Netherlands, found you could fool the Tinder matching mechanism to connect two people who haven’t mutually “liked” each other by manipulating a few lines of code.
Orbach also discovered that this process also enabled him, in some cases, to access Facebook ID numbers and email addresses.
In Orbach’s detailed report, he shows how he could fool Tinder’s API by using a “man in the middle proxy” making it possible to unveil this personal information.
This comes after the discovery of another developer called Chintan Parikh, who found in July that you could access a match’s location by manipulating the app.
Tinder responded to this security concern, CEO Sean Rad saying that the breaches only lasted “like an hour”.
There have been some suggestions by Quartz, however, that this problem lasted longer.
Regarding the most recent security concern, Orbach contacted Sean Rad about it, who issued the following statement, thanking Orbach for discovering the issue:
“We want to thank Mr. Orbach for pointing out a way to create a match with another user through manipulating certain API calls. This issue is now resolved and to our knowledge no one was affected outside of Mr. Orbach’s test. We are committed to taking all necessary steps to ensure the privacy of our users and we appreciate the help and support of great engineers like Mr. Orbach.”
So that could be that and although it hasn’t been confirmed by Orbach, it is expected to be embedded in the next Tinder update.