Online dating—is there any other kind?—can prey on people’s insecurities. And lately it seems like hackers can too.
Gizmodo reports that the Kapersky lab in Moscow— embroiled in its own controversy— has found a number of potential weaknesses across a long list of dating apps including Tinder and Bumble. (As Gizmodo points out, queer apps like Grindr and Scruff were conspicuously absent from the Russia-based firm’s study.)
The group claims to be able to take employment data from a user’s profile and match it with 60 percent accuracy.
More troublingly, they claim to have found vulnerabilities that allows a user’s location data to be readily accessed, as well as a particular weakness in Android versions of these apps that could let someone access a user’s messages, and in some cases allow a third party to login to a person’s profile.
The researchers also found that “users of Tinder, Mamba, Zoosk, Happn, WeChat, and Paktor are particularly susceptible” to having their location data hacked.
For the especially concerned, Gizmodo asked the researchers for advice on how to defend against these attacks: “ a) never access a dating app via public Wi-Fi, b) install software that scans your phone for malware, and c) never specify your place of work or similar identifying information inside your dating profile.”
They’re not the only group of researchers to find a chink in a dating app’s armor. A team from the University of Washington presenting at the American Computing Society later this month have found that buying mobile ads can enable a person to track a user’s location. As Wired writes, this method doesn’t require the resources of a corporation (of the kind you might expect to buy your data anyways): it costs $1000 to buy such an ad.
The University of Washington researchers couldn’t confirm that such an ad would allow continuous location tracking on Grindr, the gay hookup app, and the company did not immediately respond to Wired’s request for comment.
The Russian researchers told Gizmodo that they sent their results along to the companies whose apps they’ve investigated.