Facepalm: Jobs, relationships and more are at risk when dealing with security issues involving highly personal apps like these. It also invites the possibility of real time stalking as it is trivially easy to work out user identities and track people using location data.
Security researchers recently found a vulnerability in group dating app 3Fun that exposed near real time location data on all of its 1.5 million users.
The lax security was discovered by Pen Test Partners but it didn’t end there. The team was also able to access user chat data, sexual preferences, dates of birth and even private pictures, regardless of whether or not in-app privacy measures were ticked.
Armed with all of this information, it would be incredibly easy to work out identities and stalk users in real time. The security firm described it as a privacy train wreck.
Worse yet, the team found an “interesting side effect” that allowed them to query user gender and, for example, work out the ratio of straight men to straight women. For those curious, it came out to four to one, so four straight men for every straight woman. “Sounds a bit ‘Ashley Madison’ doesn’t it…,” the firm concluded.
Pen Test Partners contacted 3Fun about the security issues on July 1 and on July 8, a new version of the app was released that addressed the concerns. “We will focus on updating our product to make it safer,” a spokesperson told The Verge.
Masthead credit: Stalking by oneinchpunch