Your digital dating life is a lot less vulnerable to hackers after security updates from Tinder.
In a letter sent on Wednesday to Sen. Ron Wyden, a Democrat from Oregon, the company said it’s fixed multiple cybersecurity issues surrounding Tinder’s app.
Match Group, which owns Tinder and recently purchased Hinge, said images and swipes sent between Tinder’s app and servers are now encrypted, which means that hackers will have a much harder time spying on your love life.
“We take the security and privacy of our users seriously and employ a network of tools and systems to protect the integrity of our platform, including encryption,” Jared Sine, Match Group’s general counsel, said in the letter.
If you’re not familiar with Tinder, it’s a dating app that more than 50 million people use to find others, swiping left to reject profiles and right to accept a potential date based on photos.
The fixes address two security flaws that researchers from Checkmarx, a cybersecurity company, discovered in January. The researchers found that the pictures stored on Tinder’s servers were using an insecure and outdated HTTP connection, which meant that any hacker on the same Wi-Fi network could view it, and potentially even replace them without people knowing.
Another vulnerability allowed hackers to view who you’re swiping left and right on. Even though that data was encrypted, each response had a different file size — so it was easy to tell which actions were likes, dislikes or super likes.
Match Group said it’s fixed this by making all swipe data the same size. The change took effect on June 19. It’s unclear why it had taken almost five months for Tinder to fix the issue since the company was notified in January. Match Group did not respond to a request for comment.
The HTTP issue was fixed much sooner, with Tinder photos switching to full encryption by February 6.
Wyden had requested answers from Match Group back in February, sending a letter out on Valentine’s Day.
“These common-sense security fixes would provide Tinder users with the level of security and privacy they expect from a service that holds some of their most private information,” Wyden wrote in his letter.
Post a comment