NewsBytes
    Hindi Tamil Telugu
    More
    In the news
    Narendra Modi
    Amit Shah
    Box Office Collection
    Bharatiya Janata Party (BJP)
    OTT releases
    Hindi Tamil Telugu
    NewsBytes
    User Placeholder

    Hi,

    Logout

    India
    Business
    World
    Politics
    Sports
    Technology
    Entertainment
    Auto
    Lifestyle
    Inspirational
    Career
    Bengaluru
    Delhi
    Mumbai

    Download Android App

    Follow us on
    • Facebook
    • Twitter
    • Linkedin
    Home / News / Technology News / Woah! Tinder flaw allowed access to accounts through phone number
    Next Article
    Woah! Tinder flaw allowed access to accounts through phone number

    Woah! Tinder flaw allowed access to accounts through phone number

    By Bhavika Bhuwalka
    Feb 22, 2018
    05:26 pm

    What's the story

    According to the findings of security agency Appsecure, a Tinder login flaw allowed anyone to access an account just by using the registered phone number.

    Tinder has since changed its login system to fix the issue, but the security lapse in itself was pretty big in nature.

    Here is more on the fragile login system of the popular dating app.

    Facebook Flaw

    Facebook API that managed Tinder logins was flawed as well

    The vulnerability exploited a software flaw both in Tinder's login process and the Facebook API used to manage its logins.

    When a user logs in to Tinder, they have the option of using their phone number as username which is sent to Facebook's Account Kit system for authentication.

    The Facebook vulnerability authenticated users' access tokens associated with the number through a simple API request.

    Tinder Flaw

    Tinder's login system wasn't cross checking the Facebook vulnerability

    In addition, Tinder's implementation of the Facebook API had its own vulnerability.

    Tinder's login system wasn't verifying these access tokens with the corresponding client ID of the associated user, meaning a valid access token could get anyone inside an account.

    This let researchers take over a Tinder account, complete with full access to profile and chats.

    Information

    Both Tinder and Facebook took note of the problem

    Appsecure received rewards of $5,000 and $1,250 from Facebook and Tinder's respective bug bounty programs for reporting the vulnerability. "We quickly addressed this issue and we're grateful to the researcher who brought it to our attention," Facebook said.

    Quote

    Won't disclose security patch in detail: Tinder

    Whereas Tinder said, "Security is a top priority at Tinder. We are constantly improving our protocols to not only meet, but exceed industry best practices. However, we do not discuss any specific security measures or strategies, so as not to tip off malicious hackers."

    Facebook
    Whatsapp
    Twitter
    Linkedin
    Related News
    Latest
    Facebook
    Security
    Tinder

    Latest

    Prince, Arjun Bijlani, more reality stars who won jaw-dropping prizes Arjun Bijlani
    Tottenham Hotspur beat Manchester United, win Europa League title: Stats Tottenham Hotspur FC
    'Good Sex': All about Netflix romcom featuring Natalie Portman-Mark Ruffalo  Mark Ruffalo
    Mitchell Santner floors Delhi Capitals with 3/11: Key stats Mitchell Santner

    Facebook

    It's the power, stupid: Sheryl Sandberg on workplace sexual harassment Sexual Harassment
    Facebook launches "Messenger Kids" for users as young as 6! iOS
    Egyptian singer jailed for suggestively eating fruits in music video Egypt
    How's the JioPhone doing three months after launch? A verdict Reliance Jio

    Security

    Internet privacy: US opens doors for exploitation of users' data Ajit Pai
    UP CM Adityanath's security beefed up over terror threats Jammu And Kashmir
    Bengaluru: Security-check at airport will now take only 25 seconds Karnataka
    As security becomes pricier, flights get costlier India

    Tinder

    World's last northern male rhino joins Tinder to find mates Sudan
    How is this 'one-male dating app' competing with Tinder? HSBC Bank
    Forget Tinder! This app lets you date celeb lookalikes Justin Bieber
    LinkedIn introduces Tinder like service to unite mentors and mentees San Francisco
    Indian Premier League (IPL) Celebrity Hollywood Bollywood UEFA Champions League Tennis Football Smartphones Cryptocurrency Upcoming Movies Premier League Cricket News Latest automobiles Latest Cars Upcoming Cars Latest Bikes Upcoming Tablets
    About Us Privacy Policy Terms & Conditions Contact Us Ethical Conduct Grievance Redressal News News Archive Topics Archive Download DevBytes Find Cricket Statistics
    Follow us on
    Facebook Twitter Linkedin
    All rights reserved © NewsBytes 2025