Tinder users could have had their near-exact location revealed for more than two months last year while a flaw in the app remained unfixed. The flaw, which has since been patched, could have allowed a hacker to triangulate a user’s location to within 100 feet. Utilizing the flaw meant knowing a user’s current city and their behind-the-scenes identifier in the app, however, which meant that the hacker would likely have had to intercept their target’s phone traffic in the past before putting the vulnerability to use.
Internet security researchers in New York say that a flaw in Tinder, the super-popular hookup app, made it possible to find users’ precise location for between 40 and 165 days, without any public notice from the company. Tinder—which connects flirty smartphone users with others nearby—is supposed to show users roughly how close they are to each other. Distance is rounded to the nearest mile, a safe-seeming threshold that has helped the app become addictive to both sexes. In October, however, researchers at Include Security discovered that Tinder servers were actually giving much more detailed information—mileage to 15 decimal places—that would allow any hacker with “rudimentary” skills to pinpoint a user’s location to within 100 feet. Depending on the neighborhood, that’s close enough to determine with alarming accuracy where, say, an ex-girlfriend is hanging out.