Bumble has finally fixed vulnerabilities that could’ve allowed hackers to discover users’ likes, interests, preferences, pictures and locations, 200 days after it was alerted to the issues.
Security researchers discovered several flaws in Bumble that could’ve given them access to a lot of user data, even if they were banned from the app. Researchers claim they could have discovered the identity of every Bumble user, found out the preferences users stated in their profiles, and seen all the pictures they uploaded to the app.
With a user account, they would also be able to find out a user’s location by measuring how far away that user was. With more fake accounts created, it wouldn’t be hard to triangulate from those distances and accurately find out where a person was located.
If a user’s account was connected to Facebook, their interests and liked pages were also accessible.
The security researchers maintained that these hacks were relatively easy to perform and didn’t require any extensive tools or expert knowledge: the flaws were all API-based, and the API had little to no checks or limits.
Bumble has since fixed these issues, but only six months after security researchers first alerted the company to the problem, which left a long window of time for other hackers to exploit the vulnerabilities.
Bumble is safe, for now, but this example shows that even well-known and popular apps can have massive security flaws. Some of these were also made possible by a Facebook connection, something we recommend avoiding if possible. Connecting an app with Facebook, or signing in with Facebook, gives Facebook even more information about you, and it also creates a point of risk that may leak your information if the connecting app’s security isn’t up to par.
Generally, we also recommend you be cautious about what information you’re giving away, especially on dating apps. On iPhones, use approximate location so no one can know exactly where you are, and limit the personal details you give the app and share in your profile.
To learn more about the risks of online dating, check out our deep dive here.
And to learn more about this Bumble vulnerability, visit Forbes.