TOP NEWS

Tinder Flaw Allowed Anyone Into Your Account, Using Just Your Phone Number

Los Angeles-based dating app developer Tinder has been vulnerable to hacking, in an exploit which just required someone to have your phone number, according to a security researcher, who published information on a (now fixed) bug in Tinder's login process. According researchers at security researcher Anand Prakash, the flaw came from Tinder's use of the Facebook Account Kit API, an API which allowed anyone with a Facebook account to sign into Tinder using just their phone number. Apparently, Tinder's developers failed to check for the "client ID" on the app, letting an attacker easily spoof a login to Tinder using just a simple web API request. According to Prakash, the bug was quickly fixed by both Facebook and Tinder. It's unclear if any accounts were compromised using the attack. A report last year said that Tinder was "full of security holes".