Dating application giant, Tinder accounts are vulnerable to attack by hackers. What's more interesting is that it can be done with just one mobile number. This information is discovered by a cybersecurity company app secure. The cybersecurity company has informed the relevant organisations about this issue. Also, its fixed now.
The exploit is due to a vulnerability in Account Kit by Facebook. The issue is not only due to Facebook's account kit but the implementation followed by the company itself. Tinder requires its users to sync the account with their account. According to a report by AppSecure, the account vulnerability in Tinder enables one to take control into ones account using just a mobile number. The security firm also points out that in this case, the mobile number based login option is provided by Facebook’s Account Kit. Also, that software has a back door which completes this vulnerability.
Also Read: Moto G6 Play specifications G6 series codenames leaked
For those unknown, the Account Kit by Facebook lets users can quickly register and login to an app. This was used by Tinder to log in with their phone number or email addresses. This bypasses a need for a password.
The vulnerability of the Account Kit would have allowed the hacker to enter Account Kit. This can be done via user's phone number. And once they are in they can access the user’s access token. With the user's access token for the account, users can log into any account associated with it.
Once the hacker has an access token for your account, they could easily access user's Tinder account. The hacker can easily use anyone's mobile number and gain access token. This was possible as Tinder wasn't verifying or mapping the account token to the right client account. The blog post by AppSecure also says that one can easily read one's private chats, full information swipe right and left or do anything. AppSecure also says Facebook rewarded $5000 for the security vulnerability. Also, the Tinder rewarded them with $1250.
This post was last modified on %s = human-readable time difference 3:33 pm
Microsoft launches its Xbox cloud gaming app on Amazon Fire TV devices with access to…
Realme Narzo N55 new Black colourway revealed, here's how it looks. The company also revealed…
Motorola Moto G Power 5G with MediaTek Dimensity 930 chipset, 6GB RAM and 256GB internal…
OnePlus reportedly will rebrand the Nord CE 3 Lite as the Nord N30 for the…
Apple's upcoming iOS 17 could bring a revamp to its Control Center feature. Details are…
Sony currently working on a new handheld gaming console codenamed PlayStation Q Lite. Launch expected…