Group dating app, 3fun, has been found exposing the data of its 1.5 million users.
The threeseome & swingers app has been described as having “probably the worst security for any dating app we’ve ever seen.”
Researchers have found that 3fun, have exposed the near real time location of users – whether they were at work, home, or on the move. It also exposed users dates of birth, sexual preferences and chat. Additionally it had exposed the private pictures of its users, even if privacy was set.
With other data leaks involving similar dating apps, such as Grindr and Romeo, researchers found that by spoofing a GPS position and looking at the distances from the user, a precise location can be identified.
“But, 3fun is different. It just ‘leaks’ your position to the mobile app. It’s a whole order of magnitude less secure,” explained Pen Test Partners’ Alex Lomas.
Users can restrict the sending of latitude and longitude information, however data can be queried via API and is still available.
3fun were contacted on the 1st July and were asked to fix the security flaws. The app quickly resolved the problem.
PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.
For more information on upcoming events, visit the website.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.
Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered. https://www.privacyculture.com/