Saturday, April 27, 2024
News

Group dating app 3Fun caught exposing real-time locations, private photos

By Digitaltrends
Group dating app 3Fun caught exposing real-time locations, private photos

Share

3Fun, a dating app for arranging threesomes with more than 1.5 million users, exposed sensitive information, including real-time locations and private pictures.

The app’s lack of security was discovered by Pen Test Partners, which claimed that 3Fun featured what was “probably the worst security for any dating app we’ve ever seen” with none of the user data protected by encryption.

According to Pen Test Partners, other dating apps such as Grindr were criticized for user location disclosures in the past through trilateration, which grabbed a person’s exact location through the exploitation of the “distance from me” feature in apps by spoofing GPS positions.

3Fun, however, extracted the latitude and longitude coordinates of users, and even if they restricted sending that information, the data was still on the server. Through it, Pen Test Partners was able to pinpoint the locations of the group dating app’s users across several major cities. Some were even found in the White House, the U.S. Supreme Court, and in Number 10 Downing Street in London, though they were likely spoofing their locations.

Pen Test Partners also found that the private photos of people on 3Fun were also exposed, even when they used the proper privacy settings. Other exposed user information includes birth dates, gender, sexual orientation, and preferred matches. In addition, users may spoof their location to find out information about other users in a specific area.

Pen Test Partners forwarded its findings to TechCrunch, which ran the same tests and confirmed the findings against 3Fun’s security.

Making matters a bit worse was that when Pen Test Partners reached out to 3Fun on July 1 regarding the data privacy issues, the team behind the app asked for suggestions on what they could do to fix the problems. Pen Test Partners founder Ken Munro told TechCrunch that the 3Fun team took weeks to patch up the issues.

“3fun took action fairly quickly and resolved the problem, but it’s a real shame that so much very personal data was exposed for so long,” according to Pen Test Partners.

The data privacy issues involving dating apps follow the mishap with Coffee Meets Bagel, which announced on Valentine’s Day that an unauthorized party had gained access to user data.

Editors’ Recommendations

  • The best dating apps for 2019

  • Tinder Lite will soon launch to bring the dating game into emerging markets

  • Personal information from Grindr was accessible by Chinese engineers

  • The best weather apps for the iPhone, iPad, and iPod Touch

  • Bumble opens video chat and voice calling to matches, without revealing numbers






Read more

More News

The AIVAnet is a collector and classifier of app news articles and online technology news, which works automatically by collecting and collating the RSS feeds from popular sites (IOS news feed,latest tablet news, etc.).
The articles deal with mobile app reviews, especially with android reviews, and IOS. One of the central thematic axes is also the comparisons. You can find articles with tablet reviews, comparisons and mobile OS systems or mobile OS stats.
We also provide some of the most popular app news express, for android and IOS or windows phone. The online technology news that you can find in our pages are just opinions and ideology, allowing you to see how different news agencies present the same news.

AIVAnet is supported by Cloud Services Store

Company

© AIVAnet