Group dating app exposed 1.5m users’ data in ‘privacy trainwreck’

Updated October 13, 2022

Published August 14, 2019

We may earn a commission via links on our site.

Our editorial policy and independence is vitally important to us. It has been crafted drawing upon more than 15 years of publishing experience – we wouldn’t jeopardise this reputation for a free product or travel of any kind.

At SEXTECHGUIDE, transparency, honesty, and integrity are the core of our values. We are committed to providing high-quality, unbiased content to our readers. Below are our detailed guidelines on how we maintain our editorial independence and ethical standards. We do not accept sponsored content or link insertion requests.

More than 1.5m users of threesome dating app 3Fun had their data exposed right down to their real-time location, in what security researchers have called “a privacy trainwreck”.

In the description on the Google Play Store, the app promises that “only your matches can see your hot private photos.” This, it turns out, wasn’t true at all.

UK-based Pen Test Partners found that none of the app’s user data was encrypted, leaking the precise location, photos and other personal details of any nearby user.

Explore topics mentioned in this article

Dating Apps

Ken Munro, founder of Pen Test Partners, said it was “probably the worst security for any dating app we’ve ever seen.” The company’s researchers were easily able to locate 3fun users, with some pin-pointed inside the White House, the Pentagon and at 10 Downing Street (although this could be the work of tech-savvy users spoofing the app’s poor security, it does show just how important data encryption is).

Pen Test Partners contacted 3fun on July 1 and asked the company to solve the security issues, but it took three weeks before a fix was put in place. But while the company might have tightened up security, recent user feedback on the Google Play Store says the app is “90% fake profiles”.

The report on Pen Test Partner’s website explains: “Several dating apps including Grindr have had user location disclosure issues before, through what is known as ‘trilateration’. This is where one takes advantage of the ‘distance from me’ feature in an app and fools it… But, 3fun is different. It just ‘leaks’ your position to the mobile app. It’s a whole order of magnitude less secure.”

The combination of real-time location tracking, easily-accessible photos and personal information (including full names, birthdays and sexual orientation) means 3fun users’ info was publicly-available way beyond the people you match with.

Data security on dating apps is no new issue – in May this year, a security researcher discovered an open database that listed people’s usernames, ages, locations and even IP addresses.

Article by

Tara

Tara Lepore’s expertise and writing prowess have been showcased through her contributions to respected publications such as Wired, The Guardian, Vice, and Gizmodo. Her insightful articles within these outlets have provided readers with an in-depth understanding of the intricate connection between sex and technology.Tara’s ability to deliver well-researched and thought-provoking content has made her a valuable contributor in the field, capturing the attention of a wide audience and leaving a lasting impact. Her writing style effortlessly combines expert knowledge with a relatable and engaging tone, making complex topics accessible to all.Through her work, Tara Lepore continues to enlighten readers and shape the conversation on the ever-evolving landscape of sex and technology.

Get in touch