Your Tinder account can be hacked with just a phone number, Here is what you need to know

Dating application giant, Tinder accounts are vulnerable to attack by hackers. What's more interesting is that it can be done with just one mobile number. This information is discovered by a cybersecurity company app secure. The cybersecurity company has informed the relevant organisations about this issue. Also, its fixed now.

What is this Tinder exploit?

The exploit is due to a vulnerability in Account Kit by Facebook. The issue is not only due to Facebook's account kit but the implementation followed by the company itself. Tinder requires its users to sync the account with their account. According to a report by AppSecure, the account vulnerability in Tinder enables one to take control into ones account using just a mobile number. The security firm also points out that in this case, the mobile number based login option is provided by Facebook’s Account Kit. Also, that software has a back door which completes this vulnerability.

Also Read: Moto G6 Play specifications G6 series codenames leaked

For those unknown, the Account Kit by Facebook lets users can quickly register and login to an app. This was used by Tinder to log in with their phone number or email addresses. This bypasses a need for a password.

How did this Exploit Work?

The vulnerability of the Account Kit would have allowed the hacker to enter Account Kit. This can be done via user's phone number. And once they are in they can access the user’s access token. With the user's access token for the account, users can log into any account associated with it.

Once the hacker has an access token for your account, they could easily access user's Tinder account. The hacker can easily use anyone's mobile number and gain access token. This was possible as Tinder wasn't verifying or mapping the account token to the right client account. The blog post by AppSecure also says that one can easily read one's private chats, full information swipe right and left or do anything. AppSecure also says Facebook rewarded $5000 for the security vulnerability. Also, the Tinder rewarded them with $1250.