3Fun group dating app data vulnerability: 1.5 million users at risk
3Fun Group Dating App data vulnerability: 1.5 million users at risk
Group dating app 3Fun, it seems, might have put all of its users' data at risk, according to security experts at Pen Test Partners, who exposed the breach on Thursday and called it "privacy train wreck."
According to the researchers, not just personal information but even private images, chats and real location data of users were available for anyone to peer into.
"Several dating apps including Grindr have had user location disclosure issues before, through what is known as 'trilateration'. This is where one takes advantage of the 'distance from me' feature in an app and fools it. By spoofing your GPS position and looking at the distances from the user, we get an exact position," security research group Pen Test Partners stated on its website.
The app calls itself a "private space" for "local, kinky and open-minded people."
The 3Fun data breach follows on the heels of similar breaches relating to dating apps. The Jewish dating app JCrush, conservative dating app Donald Daters, and Coffee Meets Bagel, have all reported data breaches. The more popular dating app for gay men, Grindr, has faced suspicions over its Chinese ownership.
"The trilateration and user exposure issues with Grindr and other apps are bad. This is a whole lot worse," the researchers stated in the press release, adding that they found they could plug in the coordinates of any sensitive location and would be able to access sensitive data of users within that location.
The leak shows that it is easy for such apps to share users' precise location data even if the customer blocks the location. 3Fun is expected to have users at high-security places including the White House, the U.S. Supreme Court, CIA headquarters and even 10 Downing Street. The researchers were able to see users' birth dates, sexual orientation, and even photos marked private. None of the data accessed by the researchers were encrypted or had followed proper security protocol.
3Fun was first notified about the vulnerability in July and its developers have stated that they have addressed the flaws and are working on a new version which will "make the product safer."
© Copyright IBTimes 2024. All rights reserved.