While doing research on the security of dating apps, cybersecurity researchers found multiple client-side flaws which could be easily exploited to access to users’ profiles and details.
A dating site, Tinder was on the hit list of the security researchers at Security Affairs. During the initial investigation, they found out several vulnerabilities which could leave its users at threat.
The research team immediately informed the company about these vulnerabilities and started working with them.
The vulnerabilities on the site were due to a third party vendor, branch.io, which is an attribution platform used by other companies as well. The Tinder security team immediately informed them about the flaw and released a patch for the vulnerabilities.
Tinder is not the only website that has a vulnerable endpoint in their code and domains. The famous websites which has vulnerable endpoint are Shopify, Yelp, Western Union, and Imgur.
As many as 685 million users are at risk due to vulnerable endpoint in their code and domains
However, the company has fixed the flaw, but it is highly recommended to check your account whether it has been compromised or not. Even if it has not been breached it is good to change your password as soon as possible.