The National Cyber Security Centre has warned that several vulnerabilities in popular online dating apps may compromise personally identifiable information of millions of users.
Users should limit the amount of personal information they share with online dating apps to reduce the chances of exposure in the event of a hack.
A number of online dating apps that lure users into a sense of complacency with promises of ensuring anonymity, feature several vulnerabilities that may expose personally identifiable information of millions of users, the National Cyber Security has warned.
In its Threat Report dated 10th November, the Centre warned that professional hackers are looking to use personal data ‘for a variety of malicious purposes’ and may target online dating apps that feature several exploitable vulnerabilities.
These vulnerabilities include poor security and lack of encryption during data transmission, lack of security in token-based authorisation processes, and vulnerabilities in several apps’ message history, particularly for Android users running outdated software.
By exploiting such vulnerabilities, hackers can destroy your anonymity by obtaining your personally identifiable information from such apps, and therafter blackmail you into paying up to prevent your data from bing shared on the Internet.
As such, the country’s cyber security watchdog has warned users to urge caution while choosing online dating apps and to limit the amount of personal information they share. The lesser the information, the lesser the chances hackers will have of tracking such users.
A number of news websites have claimed that the NCSC has singled out Tinder for featuring the said vulnerabilities and that it is a favourite hunting ground for Russian hackers. However, this is not the case.
Nowhere in its Threat Report has the Centre named Tinder as being among the affected apps, nor has it stated that the hackers are from Russia. Hence, app users must not be led to believe that online dating apps other than Tinder are safe to use.
If you remember the Ashley Madison saga, you would do well not to trust apps with too much information as such information can either be revealed to the public or exchanged between hackers with great ease. Earlier this year, a WIRED investigation also revealed that some of the UK’s most popular iOS dating apps like Happn, AnastasiaDate, Once, HookUp Now, MeetMe and AffairD were leaking Facebook identities, location data, and pictures of millions of users to hackers.
While Happn, Hookup Now, AnastasiaDate, and AffairD were found to be transmitting data to customers’ phones without adequate security, the likes of HotOrNot, Tinder, Match.com, and Bumble were found to contain adequate security and were not vulnerable to hackers.
‘It is pretty clear some of the apps have significant consumer privacy issues. I don’t think any of these apps have bad intentions but some of them have negligent security practices that would allow an attacker or a person who has bad intentions to find out information about users the app doesn’t intend,’ said an investigating researcher to WIRED.