Encryption errors were discovered on a software development kit created by Agora.io, which could have allowed hackers to listen in on private conversations.
The livestreaming and video technology is used by The Meet Group, Plenty Of Fish and eharmony for their respective virtual dating features. Overall, it’s believed that Agora-powered apps exist on 1.7 billion devices around the world.
The flaw was uncovered by computer security company McAfee, which published research earlier this week explaining that it may have been vulnerable since December.
McAfee immediately reached out to Agora and both organisations were satisfied that there was no evidence that bad actors took advantage. Agora has contacted its users to help them update their relevant apps.
A spokesperson for the company explained to CyberScoop: “Thanks to McAfee, we found a vulnerability in our software in 2020, giving us the opportunity to collaborate with McAfee and reach out to our customers to help them make the necessary fixes.
“Agora is always looking to better protect our system and customers. Our bug bounty program is part of that commitment. In addition to our work with McAfee, we invite other independent security researchers to report any other bugs or vulnerabilities they discover.”
As people spend more time online during the pandemic, there are greater opportunities for hackers and scammers to take advantage of new victims. In January, 2.3 million records from dating app Meet Mindful were posted on a publicly-accessible forum and available to download for free.
The US Federal Trade Commission estimates that over $300 million were lost through romance scams in 2020, an increase of 50% from the previous year.
Read more here.