Hackers could break into your Tinder account with nothing more than your telephone number, security experts have discovered.
The alarming security flaw means that a hacker could access all your chat history and personal data without even needing a password.
Researchers at Indian security firm Appsecure who discovered the bug say the flaw exists because of a problem with the app’s login process.
When trying to log in to Tinder, you are given the option to use your phone number as a security identifier.
Your phone number is then sent to the Facebook-developed Account Kit software for authentication.
But according to the researchers, there was a crack in the authentication process which meant hackers could compromise “access tokens”, which store a string of data containing login credentials for the user.
Experts also found that the login system on the Tinder app wasn’t double-checking that the access token matched the client’s ID, which identifies a user.
Anand Prakash, who discovered the flaw, said: “The user clicks on Login with Phone Number on tinder.com and then they are redirected to Accountkit.com for login.
“If the authentication is successful then Account Kit passes the access token to Tinder for login.
“Interestingly, the Tinder API was not checking the client ID on the token provided by Account Kit.
“This enabled the attacker to use any other app’s access token provided by Account Kit to take over the real Tinder accounts of other users.”
The security flaws have now been fixed by Tinder and Facebook, who awarded Mr Prakash bug bounties of $1,250 and $5,000, respectively.
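The missing check described above, shown beside its corrected form as an added example (not Tinder's or Account Kit's code). The token table, client IDs, phone number and function names are all constructed stand-ins for a provider's token lookup.

```python
# Added example: a constructed stand-in for a login provider's token lookup.
# All names and values here are hypothetical, not the real Account Kit API.

OUR_CLIENT_ID = "app-dating-001"  # constructed: client ID registered to our app

# Constructed provider state: token -> client ID it was issued to + verified phone
ISSUED_TOKENS = {
    "tok-aaa": {"client_id": "app-dating-001", "phone": "+15550100"},
    "tok-bbb": {"client_id": "app-other-999", "phone": "+15550100"},
}

ACCOUNTS = {"+15550100": "user-42"}  # constructed: our accounts keyed by phone


def introspect(token):
    """Stand-in for asking the provider what a token represents."""
    return ISSUED_TOKENS.get(token)


def login_unchecked(token):
    """The flaw: any valid token from the provider is accepted,
    regardless of which app it was issued to."""
    info = introspect(token)
    if info is None:
        return None
    return ACCOUNTS.get(info["phone"])


def login_checked(token, expected_client_id=OUR_CLIENT_ID):
    """Corrected: the token must have been issued to our own client ID."""
    info = introspect(token)
    if info is None:
        return None
    # Reject tokens the provider minted for any other app.
    if info["client_id"] != expected_client_id:
        return None
    return ACCOUNTS.get(info["phone"])


if __name__ == "__main__":
    for tok in ("tok-aaa", "tok-bbb", "tok-zzz"):
        print(tok, "unchecked:", login_unchecked(tok), "checked:", login_checked(tok))
```

A regression test for this class of bug presents a token issued to a different client ID and asserts that login is refused.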
The fact that the security flaws existed at all may be a concern for Tinder users.
However, Tinder has released a statement to try to put users’ minds at ease.
“Security is a top priority at Tinder.
“Like other major global technology companies, we employ a network of tools and systems to protect the integrity of our platform.
“As part of our ongoing efforts in this arena, we employ a Bug Bounty Program and work with skilled security researchers across the globe to responsibly identify potential issues and quickly resolve them.
“At Tinder, we are constantly improving our protocols to not only meet, but exceed industry best practices.
“However, we do not discuss any specific security measures or strategies, so as not to tip off malicious hackers.”