Accounts on dating application giant Tinder were vulnerable to takeover by hackers. What's more interesting is that it could be done with just one mobile number. The issue was discovered by the cybersecurity company AppSecure, which has informed the relevant organisations about it. It is fixed now.
What is this Tinder exploit?
The exploit is due to a vulnerability in Account Kit by Facebook. The issue lies not only in Facebook's Account Kit but also in the implementation followed by Tinder itself. Tinder requires its users to sync the account with their account. According to a report by AppSecure, the account vulnerability in Tinder enables an attacker to take control of someone's account using just a mobile number. The security firm also points out that in this case the mobile-number-based login option is provided by Facebook's Account Kit, and that this software has a back door which completes the vulnerability.
For those unfamiliar with it, Account Kit by Facebook lets users quickly register and log in to an app. Tinder used it to let users log in with their phone number or email address. This removes the need for a password.
How did this Exploit Work?
The vulnerability in Account Kit would have allowed a hacker to enter Account Kit using just the user's phone number. Once in, they can obtain the user's access token. With that access token, the hacker can log into any account associated with it.
Once the hacker has an access token for your account, they can easily access your Tinder account. The hacker can use anyone's mobile number to gain an access token. This was possible because Tinder wasn't verifying or mapping the account token to the right client account. The blog post by AppSecure also says that an attacker could easily read the victim's private chats, see their full information, swipe right and left, or do anything else in the account. AppSecure also says Facebook rewarded it $5000 for the security vulnerability, and Tinder rewarded it $1250.
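The missing check described above, shown as an added example that is not code from Tinder, Facebook or the AppSecure report. It puts a login handler that accepts any valid token beside one that maps the token to the right client and account; the token store, the client ID, the phone numbers and the client-supplied phone parameter are all constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class TokenInfo:
    client_id: str  # app the identity provider issued the token to
    phone: str      # phone number the provider verified for this token

OUR_CLIENT_ID = "dating-app"  # hypothetical ID of our own app

# Constructed stand-in for the provider's token introspection data.
ISSUED = {
    "tok-alice": TokenInfo("dating-app", "+15550000001"),
    "tok-other-app": TokenInfo("some-other-app", "+15550000002"),
}
ACCOUNTS = {"+15550000001": "alice", "+15550000002": "bob"}

def introspect(token: str) -> Optional[TokenInfo]:
    """Return what the provider knows about a token, or None if unknown."""
    return ISSUED.get(token)

def login_unchecked(token: str, claimed_phone: str) -> Optional[str]:
    """Weak form: any valid token is accepted and the account is chosen
    from a value the client supplied, not from the token itself."""
    if introspect(token) is None:
        return None
    return ACCOUNTS.get(claimed_phone)

def login_checked(token: str, claimed_phone: str) -> Optional[str]:
    """Hardened form: the token must belong to our client and to the
    same identity as the account being opened."""
    info = introspect(token)
    if info is None:
        return None                      # unknown or expired token
    if info.client_id != OUR_CLIENT_ID:
        return None                      # token was issued to another app
    if info.phone != claimed_phone:
        return None                      # token is for a different user
    return ACCOUNTS.get(info.phone)      # account comes from the token

if __name__ == "__main__":
    # A token for one user presented with another user's phone number.
    print("unchecked:", login_unchecked("tok-alice", "+15550000002"))
    print("checked:  ", login_checked("tok-alice", "+15550000002"))
```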