Several popular online dating apps are vulnerable to hacks, potentially risking users' locations and real names, according to new research from Kaspersky Lab.
Researchers examined nine apps, including Tinder, Bumble, and OK Cupid, on both Android and iOS platforms. Most had at least one, if not multiple, vulnerabilities, ranging from unencrypted photo uploads to access to personal identification information like users' real names, locations, and employment and education details.
SEE: Guidelines for building security policies (Tech Pro Research)
Some exploits allowed researchers to gain login information, log into accounts, and send messages as that person in the app. The most dangerous exploit impacts Android users, as hackers can use free apps to essentially break into the phone and become a superuser. The hack can give the superuser full access to dating app accounts, along with the ability to view messages. Six of the nine apps—Bumble, Tinder, OK Cupid, Paktor, Badoo, and Happn—were vulnerable to this attack.
While users open themselves up to some risk by putting a direct job title into a dating app, that information is typically only available to people viewing or matched with their profile. This hack suggests people outside of that realm can access that information, and use it to find the person's other social media accounts and more information about them.
According to the report, the researchers were able to find 60% of people on outside platforms using the details provided in a dating app.
While security professionals, and consumers looking for love, could find concern with the research, business professionals could also be at risk if they use the apps for networking.
For example, Bumble rolled out Bumble Bizz, its networking mode, at the beginning of the month. The mode, held inside the same app investigated in the research, shows a user's profile with job experience, education, and an "about me" field, much like a LinkedIn profile. Bumble's dating mode lets users select a generic job title without sharing their place of work, but this feature isn't available for business users, who have to share a formal job title and workplace. Bumble didn't respond to a request for comment in time for this article.
Designed for meeting other professionals in a user's area, Bumble Bizz profiles also include many more personal details than those for a standard dating app. The mode only allows users to pull information from Facebook, potentially exposing users to hackers more easily accessing their Facebook account.
In other dating apps, the Facebook information is already vulnerable. For the iOS version of Happn, researchers found a user's direct Facebook user ID in the code, making finding the actual Facebook account a matter of copy and pasting.
The researchers have already sent their findings to the respective apps, but there are a few things users can do now to protect themselves, whether they use these apps for dating or for business. The researchers recommend not including identifying information on your profile, avoiding access dating apps through public Wi-Fi, and using malware-identifying software on your phone.
The 3 big takeaways for TechRepublic readers
- Several popular dating apps have multiple security vulnerabilities, leaving personal information at risk, according to new research from Kaspersky Lab.
- Using multiple exploits, researchers could access users' locations and Facebook user IDs, among other details.
- Professionals using the apps for networking, including Bumble's new networking mode Bumble Bizz, could also be at risk as the mode is within the investigated app. Bumble Bizz also requires more personal information, including direct job titles and work places.
- Gallery: 10 mobile apps for making job hunting and networking easier (TechRepublic)
- Android security: Google will pay $1,000 for holes in these top apps (ZDNet)
- Spotify and Bumble reveal your musical tastes to your dating prospects (CNET)
- Leaked: Facebook security boss says its corporate network is run "like a college campus"(ZDNet)
- Q&A app Zip: Swipe right for better data (TechRepublic)
Olivia Krauth is a Multiplatform Reporter at TechRepublic.