Tinder #vulnerability allows #hackers to take over #accounts with just one #phone number
Source: National Cyber Security News
After it was reported last month that online dating app Tinder had a security flaw, which allows strangers to see users’ photos and matches, security firm, Appsecure has now uncovered a new flaw which is potentially more damaging.
Infiltrators who exploit the vulnerability will be able to get access to users’ account with the help of their login phone number. The issue has, however, been fixed after Tinder was alerted by Appsecure.
Appsecure says, the hackers could have taken advantage of two vulnerabilities to attack accounts, with one being Tinder’s own API and the other in Facebook’s Account Kit system which Tinder uses to manage the logins.
In a statement sent to The Verge, a Tinder spokesperson said, “Security is a top priority at Tinder. However, we do not discuss any specific security measures or strategies, so as not to tip off malicious hackers.”
The vulnerability exposed the access tokens of the users. If a hacker is able to obtain a user’s valid access token then he/she can easily take over a user account.
“We quickly addressed this issue and we’re grateful to the researcher who brought it to our attention,” The Verge quoted a Facebook representative as saying.
View full post on National Cyber Security Ventures