Computer Programmer Anand Prakash has revealed a new vulnerability in Tinder’s security.
In a blog post entitled “Hacking Tinder Accounts using Facebook Accountkit”, Prakash outlines how hackers could exploit a mobile log-in feature.
Reportedly, hackers could access a user’s Tinder account ‘within seconds’ if they knew the phone number that was linked to the account.
The hacker would be able to fully control the account, seeing photos and messages and interacting with other users.
Identifying the problem saw Prakash net a $5,000 reward from Facebook and $1,250 bounty from Tinder.
The loophole has since been closed.
Speaking to The Telegraph, Professor Alan Woodward, a cybersecurity expert at the University of Surrey, said: “The vulnerability was disclosed responsibly and has now been fixed so I suspect the risk that individuals may have been compromised is relatively small”.
He added the “simplicity of the exploit is troubling”.
Tinder and Facebook have not commented on the security flaw.
Read more here.
https://www.youtube.com/watch?v=tIAxmZt1joY