Security researchers Pen Test Partners have uncovered major privacy issues at group dating app 3Fun, with the exact location of its 1.5 million members reportedly being exposed.
In a blog post detailing the findings, a Pen Test spokesperson called the platform a “privacy train wreck” and decried “the worst security for any dating app we’ve ever seen.”
Along with their live geolocation, users’ private pictures, chat data, sexual preferences and dates of birth were left unsecured.
The researchers also found it was possible to rewrite their coordinates and drop their profile anywhere in the world to see ‘nearby’ users.
Individuals with 3Fun accounts were found at high security buildings around the world, including the White House, CIA headquarters and 10 Downing Street. However, Pen Test noted that because it’s so easy to change positions those accounts might just belong to “a tech savvy user having fun”.
3Fun was contacted about the security flaws on 1st July but, TechCrunch reported, it took “weeks” before implementing any changes.
The app thanked the researchers for “reminding” them of the issue and asked if they had any suggestions regarding fixes. Pen Test said the response was “concerning” , and advised that the app should be taken down while it was updated.
Last week, Pen Test also showed the BBC how the exact position of Grindr and Romeo users could be exposed if hackers faked the location of their own devices.
A third-party app provided a similar service in September 2018, but the owner took it down after Grindr threatened legal action (instead of immediately fixing the flaw).
Read more here.