The Tinder mobile dating app has millions of users swiping on one another’s profiles to find matches, but it seems that for part of last year, they were sharing more information than they realized.
For months until the end of 2013, Tinder users who knew how to do so were able to see how close they were to each other in increments of 100 feet. By using rudimentary programming skills, users could mine Tinder data to find out where any other user was. To do this, someone would need to use three different accounts as a way to triangulate a target’s location, according to research by Internet security consultant Include Security.
Users are supposed to see how many miles away another user is located — but not that person’s precise address. Tinder has quietly fixed the problem, according to a statement provided by the company yesterday. Tinder is also not aware of anyone using the latest exploit. And that’s the issue.
Tinder co-founder and CEO Sean Rad admitted in a statement that the technical exploit “theoretically” could have led to someone calculating a user’s last-known location. But the company quickly implemented specific measures to enhance location security, he said, and further obscure location data.
Include Security first notified Tinder of the vulnerability via an email to customer service on Oct. 23, 2013, and reached out to the CEO the following day. They say they immediately received a “thank you” and nothing further. When they did not hear back, they checked in again on Nov. 8 and Dec. 2, when their message was forwarded to a tech team.