Tinder vulnerability that lets hackers steal your account patched

February 21, 2018


Tinder was vulnerable to an attack that would have let hackers take over a user account with the user’s phone number. The attack exploited Facebook’s Account Kit system and a unique vulnerability introduced in Tinder’s implementation of Account Kit.

Tinder wasn’t checking users’ account tokens generated by Account Kit against their associated client IDs, so hackers who had gained access to an account token by exploiting Facebook’s Account Kit bug could then take control of an entire Tinder account.
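The missing check described above, shown beside its hardened form. This is an added example, not Tinder's or Facebook's code; the in-memory token table, client IDs, phone number and function names are all constructed for illustration.

```python
# Constructed stand-in for what an identity provider reports about a token:
# token -> (client ID the token was issued to, verified phone number).
ISSUED_TOKENS = {
    "tok-dating-app": ("app-dating", "+15550100"),
    "tok-other-app": ("app-other", "+15550100"),
}

OUR_CLIENT_ID = "app-dating"           # hypothetical client ID of the relying app
ACCOUNTS = {"+15550100": "user-1001"}  # verified phone number -> local account


class LoginRejected(Exception):
    """Raised when a presented token must not be accepted."""


def introspect(token):
    """Return (client_id, phone) for a token, or reject an unknown one."""
    try:
        return ISSUED_TOKENS[token]
    except KeyError:
        raise LoginRejected("unknown token") from None


def login_unchecked(token):
    """Flawed pattern: accepts any valid token, whichever client it was issued to."""
    _client_id, phone = introspect(token)
    return ACCOUNTS[phone]


def login_checked(token):
    """Hardened: the token must have been issued to our own client ID."""
    client_id, phone = introspect(token)
    if client_id != OUR_CLIENT_ID:
        raise LoginRejected("token was issued to a different client ID")
    account = ACCOUNTS.get(phone)
    if account is None:
        raise LoginRejected("no account for this phone number")
    return account
```

A token issued to a different client for the same phone number is accepted by `login_unchecked` and rejected by `login_checked`, which is the whole difference between the two handlers.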

The vulnerability was found by Appsecure, which reported it to both Facebook and Tinder earlier this year.

A Facebook spokesperson delivered the following comment to The Verge: “We quickly addressed this issue, and we’re grateful to the researcher who brought it to our attention.”
