Hooking up with Tinder just got a whole lot creepier. The popular hookup app reportedly had a flaw in its system that revealed users' exact locations to anyone who was looking without their permission.
Your friendly neighborhood hackers at Include, a New York-based company that searches for easy-to-hack websites and apps to warn businesses about potential holes in their security systems, were the ones who spotted the issue. Include's hackers found that it was possible to find out Tinder users' exact locations. Tinder users know that they are giving out their general location because that's how the app works, it engineers a hookup between agreeable, attractive people who happen to be near each other. What they didn't know, was that Tinder was giving out their location to 15 decimal places, meaning that any good hacker could find out where they were within 100 feet.
So if a vengeful ex wanted to know where their former lover was hanging out, it would be all too easy. Also, if anyone wanted to stalk someone, Tinder would be pretty useful. Naturally, Tinder users don't want to live out either of these scenarios.
Include's policy is to warn the company that is affected by a security concern and then give them three months to fix the issue before they go public with the information. The founder of Include, Erik Cabetas, says he warned Tinder about the problem his friendly team of hackers discovered in October, but the company did nothing. With the three-month deadline quickly approaching, Tinder reached out to Include asking for a bit more time. Finally, sometime around the beginning of January Tinder fixed the problem.
"We want technology companies to remember that as they're moving a million miles an hour to innovate, they need to consider security and privacy as part of the value proposition they're selling their customers," Cabetas said. "Consumers tend to avoid use of applications, cloud services, or websites that severely encroach on their privacy."
Tinder, of course claims that it solved the issue within 48 hours, but Cabetas says there is no evidence that the company resolved the issue that quickly. In fact, he claims Include can prove otherwise.
"Shortly after being contacted, Tinder implemented specific measures to enhance location security and further obscure location data. We did not respond to further inquiries about the specific security remedies and enhancements taken as we typically do not share the specifics of Tinder's security measures," Tinder said in a statement. "We are not aware of anyone else attempting to use this technique. Our users' privacy and security continue to be our highest priority."
