While you’re trying to find love on your favorite dating app, hackers could be busy finding out personal information about you. This discouraging findings in a new report which reveals that popular dating apps such as Tinder, Bumble, and OK Cupid are vulnerable to being hacked. Once hackers infiltrate the dating apps, they can access the users’ location information, their real names, login, password, message history, and which profiles they have visited. This kind of hack would allow people to stalk you and opens up the door for hackers to blackmail you if you were cheating or if you had freaky sex conversations.
The study was done by Moscow-based Kaspersky Lab, where researchers tested vulnerabilities on the iOS and Android versions of nine mobile dating apps. Researchers Roman Unuchek, Mikhail Kuzin, and Sergey Zelensky were able to obtain personal information from users of the dating apps without breaching the dating app’s servers. Here are the dating apps that were used in the study.
- Tinder for Android and iOS
- Bumble for Android and iOS
- OK Cupid for Android and iOS
- Badoo for Android and iOS
- Mamba for Android and iOS
- Zoosk for Android and iOS
- Happn for Android and iOS
- WeChat for Android and iOS
- Paktor for Android and iOS
Some of the apps link to your Instagram page, which can make it simple to reveal your real name. If your place of employment was included in your profile that would allow someone to easily find you on other social networks such as Facebook or LinkedIn. Once this information is obtained, a person can easily be stalked online and contact someone via messages that they wouldn’t be able to on a dating app with messaging restrictions. The researchers were able to successfully identify users’ full names as well as their social media in 60% of the accounts.
Many dating apps are location-based, which reveal users in proximity as close as 100-feet. The researchers were able to exploit the dating apps by feeding them false locations, which would allow hackers to accurately pinpoint other users. “Even though the application doesn’t show in which direction, the location can be learned by moving around the victim and recording data about the distance to them,” the researchers revealed. Tinder, Mamba, Zoosk, Happn, WeChat, and Paktor were “particularly susceptible.”
Most apps have minimal HTTPS encryption, which allows hackers to easily access sensitive data. The researchers were able to infiltrate Tinder, Paktor, and Bumble for Android, as well as the iOS version of Badoo. The iOS version of Mamba “connects to the server using the HTTP protocol, without any encryption at all.” On these apps, researchers were able to steal user information, including login data. The hackers could hijack a profile and even send messages as the victim. “Using the generated Facebook token, you can get temporary authorization in the dating application, gaining full access to the account,” the researchers said. “In the case of Mamba, we even managed to get a password and login – they can be easily decrypted using a key stored in the app itself.”
Photos were uploaded by unencrypted HTTP and stored on the smartphone’s memory. The system caches photos, then hackers access to the cache folder, to see which profiles the user has viewed. Tinder, Bumble, OK Cupid, Badoo, Happn, and Paktor were vulnerable to cyber attacks where hackers could view messages because they are stored on the device.
Kaspersky Lab said they sent their report to the app developers so they could improve security. The researchers did provide some tips on how to decrease your chances of being hacked. They said you should avoid accessing dating apps via public Wi-Fi and use a VPN, install software that scans your phone for malware, and don’t reveal your place of work or other identifying information in your dating profile.