Case Study: Dating App Vulnerabilities to Cyber Security


Nowadays a great number of people use dating apps in search of love or a partner. More than 250 million accounts are active on dating apps such as Tinder, value match, Grindr, and many more. Privacy is crucial for every app. Recently, high-profile incidents have highlighted the privacy risks inherent in using these apps.

Users have no issue with sharing their personal information with the app, but unauthorized access by a third party is not tolerable. Once a malicious hacker gains access, they can take advantage of it, manipulating and blackmailing the victim by demanding money in return, and sometimes it becomes a matter of life and death.

Covid-19 came as a blessing for malicious hackers: with everything online due to lockdown, the number of dating app users has increased, which gives hackers a wide range of choices.

Apple and Google have removed three dating apps FastMeet, Meet24, and Meet4U, from their platforms after some US authorities published a report.  

Dating apps are like a trap for the users and a window of opportunity for hackers. These apps hold very sensitive data, which can be used to coerce victims into toeing the line.

Dating App Vulnerabilities and Breaches

Dating apps hold the most confidential details, so hackers find them the most alluring way to manipulate or blackmail someone for a tempting sum.

Case 1: MeetMindful

A hacker group of New Delhi named ShinyHunters hacked the MeetMindful app, then stole and leaked a 1.2 GB file containing personally identifiable information of 2.28 million MeetMindful users, including their names, emails, city, state and ZIP code, geolocation, body details, dating preferences, birth dates, marital status, IP addresses, and Bcrypt-protected account passwords: all particulars provided by users while setting up their profiles. The file was offered as a free download on a publicly accessible hacking forum and is still available on public file-hosting sites.

It impacted a huge number of people. Almost 1500 views were counted on the disclosed data. Hackers extorted money from several victims and manipulated whom they wished to, and this was just a consequence of a cloud glitch or misconfiguration.

Case 2: Bumble

In March, it was reported by Sanjana Sarda of cybersecurity firm Independent Security Evaluators that, due to an API vulnerability, sensitive data of 100 million users (almost all users), including height, religious beliefs, pictures, Facebook account, location, and more, was hacked, and unauthorized access to accounts was in the hands of hackers. Both the premium service and the right-swipe feature were under the control of hackers. It took almost 6 months to bring everything back on track. Until 1 November no issues were patched, and after 11 November only a few issues were found to be mitigated.

Case 3: Grindr

It was reported that, for marketing purposes, Grindr illegally trades personal information, such as a user’s IP address, advertising ID, GPS location, age, gender and sexuality, with third parties involved in advertising and profiling. Even in the modern world several countries do not accept homosexuality, and being LGBT is still illegal there; leaked data can cause a lot of turmoil in an individual’s life.

Norway's data protection authority announced that it would impose a heavy fine of £8.5m or $11.7m, which is almost equal to 10% of annual turnover. The European Centre for Digital Rights claims the consent was illegal: users were unaware and the consent wasn’t precise. Investigation continues into the firm that received the data.

Case 4: Tinder & OkCupid

Launched in 2012 and at present one of the most popular dating applications, Tinder has been reported as vulnerable: photos of 70,000 women users were shared on a criminal site. Tinder also links accounts with Facebook. A few months back, 70,000 profiles from OkCupid were publicly disclosed by a Danish researcher, and the data is still publicly available. Both apps are owned by the Match Group.

Case 5: Manhunt

In February 2021, it was reported that Manhunt, a gay dating app with almost 6 million users, had been hacked. The hacker gained unauthorized access to data such as email addresses, encrypted passwords, names, sexual orientation, and many more sensitive details. More than 7700 US users were affected, and no one knows the exact total number of victims, but almost 11% of the users were affected. Later, in mid-March, Manhunt alerted its users to reset their passwords and set a strong password.

Case 6: Rela

Due to weak security measures at Rela, a dating app for lesbian and bisexual women, almost 5.3 million users’ profiles and private data were exposed, including nicknames, dates of birth, height and weight, ethnicity, sexual preferences and interests, and more than 20 million stories, statuses or moments. In May 2017 the app suddenly disappeared from the app store; a year later it returned with a different cloud provider.

According to reports, the database had been exposed since June 2018, a month after the app returned. However, after a few months, the spokesperson of this app confirmed that the data had been secured and the privacy policy had been updated.

There are several more applications whose users have endured this ordeal. In 2015, the dating site Ashley Madison was hacked and users' personal information was exposed, due to which several people committed suicide; Jewish dating app JCrush disclosed around 200,000 user records; and AdultFriendFinder was hacked, revealing more than 400 million user accounts.

Not only hackers but dating apps themselves are also involved in malicious activities. There are a total of 1500 dating apps in operation. Dating apps seem to be most attractive for hackers, as they contain the most private data. These apps contain mainly PII data, private messages, pictures, authentication tokens and links, email addresses, and sexual interests. These breaches affect more than 100 countries in the world.

 
