The dating app Tinder suffered a pretty big vulnerability that left users’ precise location open to snoops and other ne’er-do-wells. The issue was discovered by Include Security, which says users’ precise location was vulnerable for between 40 and 165 days, unbeknownst to them.
The idea behind Tinder is that it connects nearby individuals with each other, providing a general idea of their position, which is rounded to the nearest mile. Such a distance is close enough to let two chatty people determine if they want to meet up, but still large enough to give someone an element of privacy.
It was this past October when Include Security spotted the issue: a user’s mileage was being provided to 15 decimal places, allowing someone to pinpoint their near-precise location with little effort. According to the findings, someone could pinpoint a user to within 100 feet of their location, posing a rather large privacy issue.
Tinder hadn’t made any official statement about the security issue, but began working on it sometime after being notified by Include Security. According to the security company, Tinder contacted them on December 2 in a request to have more time to fix the issue without Include Security publishing its findings, and the problem was patched by January 1.
Said Tinder is a statement to Bloomberg: “Shortly after being contacted, Tinder implemented specific measures to enhance location security and further obscure location data. We did not respond to further inquiries about the specific security remedies and enhancements taken as we typically do not share the specifics of Tinder’s security measures. We are not aware of anyone else attempting to use this technique. Our users’ privacy and security continue to be our highest priority.”