A security flaw on Tinder means that hackers could be watching your every move, even to the extent that they can change pictures on your profile.
Researchers from Checkmarx have warned users that there are “disturbing” vulnerabilities that affect both the iOS and Android versions of the app.
It appears that hackers who are using the same WiFi network can monitor your moves as the site lacks an HTTPS encryption.
A second flaw lets hackers see data patterns for specific actions, such as swiping left and right, Wired reported.
In a recent blog post, Checkmarx said, “The vulnerabilities, found in both the app’s Android and iOS versions, allow an attacker using the same network as the user to monitor the user’s every move on the app.
“It is also possible for an attacker to take control over the profile pictures the user sees, swapping them for inappropriate content, rogue advertising or other type of malicious content (as demonstrated in the research).
“While no credential theft and no immediate financial impact are involved in this process, an attacker targeting a vulnerable user can blackmail the victim, threatening to expose highly private information from the user’s Tinder profile and actions in the app.”
The company went on to explain that hackers could not access or send messages but the Tel Aviv-based security firm built a proof-of-concept piece of software called TinderDrift to demonstrate their findings.
Tinder responded to Wired and their spokesperson said, “Like every other technology company, we are constantly improving our defences in the battle against malicious hackers.”
They also said that Tinder profile pictures are public to begin with and added: “We are working towards encrypting images on our app experience as well.
“However, we do not go into any further detail on the specific security tools we use, or enhancements we may implement to avoid tipping off would be hackers.”