It was just last month that it was discovered that dating app Tinder had a security flaw that lets strangers see your photos and matches. Now according to a report from Appsecure (via The Verge), a new flaw has been discovered that looks like it would have been potentially more damaging.
Now before you get too worried, the good news is that after being alerted to the security vulnerability, Tinder has since patched it which means that users should be safe moving forwards. However prior to the patch, what the flaw allowed was hackers to possibly take over Tinders accounts using just a phone number.
According to Appsecure, the attack works by taking advantage of two separate vulnerabilities. One of the vulnerabilities is in Tinder and the other in Facebook’s Account Kit system which Tinder uses to manage logins. The vulnerability essentially exposed the access tokens of users, which means that hackers who obtained a valid access token could easily take over a user’s account.
Speaking to The Verge, a Facebook rep was quoted as saying, “We quickly addressed this issue and we’re grateful to the researcher who brought it to our attention.” Tinder also responded by saying, “Security is a top priority at Tinder. However, we do not discuss any specific security measures or strategies, so as not to tip off malicious hackers.” Appsecure has since receive bounties worth $5,000 and $1,250 from Facebook and Tinder respectively.