Tinder vulnerability that lets hackers steal your account patched




Tinder was vulnerable to an attack that would have let hackers take over a user's account with the user's phone number. The attack exploited Facebook's Account Kit system and a vulnerability specific to Tinder's implementation of Account Kit.

Tinder wasn't checking users' account tokens generated by Account Kit against their associated client IDs, so hackers who had gained access to an account token by exploiting Facebook's Account Kit bug could then take control of an entire Tinder account.
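The missing check described above, as an added example that is not Tinder's or Facebook's code: a login handler that accepts any valid token, next to one that also requires the token to have been issued to its own client ID. The client IDs, tokens, function names and the in-memory token table are hypothetical; the table is a constructed stand-in for the identity provider's token verification call.

```python
# Hypothetical client ID of our own application (assumption, not from the article).
OUR_CLIENT_ID = "app-dating-001"

# Constructed stand-in for the provider's token verification response:
# token -> client ID the token was issued to, plus the verified phone number.
ISSUED_TOKENS = {
    "tok-A": {"client_id": "app-dating-001", "phone": "+15550100"},
    "tok-B": {"client_id": "app-other-999", "phone": "+15550100"},
}


class TokenRejected(Exception):
    """Raised when a token must not be used to open a session."""


def introspect(token):
    """Hypothetical lookup; a real service would query the provider here."""
    record = ISSUED_TOKENS.get(token)
    if record is None:
        raise TokenRejected("unknown or expired token")
    return record


def login_unchecked(token):
    """Flawed pattern: any valid token is trusted, whichever app it was issued to."""
    return introspect(token)["phone"]


def login_checked(token, expected_client_id=OUR_CLIENT_ID):
    """Hardened pattern: the token must be bound to our own client ID."""
    record = introspect(token)
    if record["client_id"] != expected_client_id:
        raise TokenRejected("token was issued to a different client ID")
    return record["phone"]


if __name__ == "__main__":
    for tok in ("tok-A", "tok-B"):
        try:
            print(tok, "->", login_checked(tok))
        except TokenRejected as exc:
            print(tok, "rejected:", exc)
```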

The vulnerability was found by Appsecure, which reported it to both Facebook and Tinder earlier this year.

A Facebook spokesperson gave the following comment to The Verge: “We quickly addressed this issue, and we’re grateful to the researcher who brought it to our attention.”
