Group dating app exposed 1.5m users’ data in ‘privacy trainwreck’

0
Group dating app exposed 1.5m users' data.

More than 1.5m users of threesome dating app 3Fun had their data exposed right down to their real-time location, in what security researchers have called “a privacy trainwreck”.

In the description on the Google Play Store, the app promises that “only your matches can see your hot private photos.” This, it turns out, wasn’t true at all.

UK-based Pen Test Partners found that none of the app’s user data was encrypted, leaking the precise location, photos and other personal details of any nearby user.

Ken Munro, founder of Pen Test Partners, said it was “probably the worst security for any dating app we’ve ever seen.” The company’s researchers were easily able to locate 3fun users, with some pin-pointed inside the White House, the Pentagon and at 10 Downing Street (although this could be the work of tech-savvy users spoofing the app’s poor security, it does show just how important data encryption is).

Pen Test Partners contacted 3fun on July 1 and asked the company to solve the security issues, but it took three weeks before a fix was put in place. But while the company might have tightened up security, recent user feedback on the Google Play Store says the app is “90% fake profiles”.

The report on Pen Test Partner’s website explains: “Several dating apps including Grindr have had user location disclosure issues before, through what is known as ‘trilateration’. This is where one takes advantage of the ‘distance from me’ feature in an app and fools it… But, 3fun is different. It just ‘leaks’ your position to the mobile app. It’s a whole order of magnitude less secure.”

The combination of real-time location tracking, easily-accessible photos and personal information (including full names, birthdays and sexual orientation) means 3fun users’ info was publicly-available way beyond the people you match with.

Data security on dating apps is no new issue – in May this year, a security researcher discovered an open database that listed people’s usernames, ages, locations and even IP addresses.

Read Next: Gay dating app Scruff buys Jack’d, promises better security for users

Affiliate Disclosure
Some articles contain affiliate links that allow us to earn money if you decide to purchase any of these products or services. This does not cost you any extra, and it allows us to continue to run this independent website without ads. Affiliate links have no relation to review ratings or other editorial coverage. You can read the full policy here.

Tara
Tara

Tara Lepore's expertise and writing prowess have been showcased through her contributions to respected publications such as Wired, The Guardian, Vice, and Gizmodo. Her insightful articles within these outlets have provided readers with an in-depth understanding of the intricate connection between sex and technology. Tara's ability to deliver well-researched and thought-provoking content has made her a valuable contributor in the field, capturing the attention of a wide audience and leaving a lasting impact. Her writing style effortlessly combines expert knowledge with a relatable and engaging tone, making complex topics accessible to all. Through her work, Tara Lepore continues to enlighten readers and shape the conversation on the ever-evolving landscape of sex and technology.

Be the first to leave a comment

Leave a reply

SEXTECHGUIDE
LATEST
Comparisons
20+ Best VR Porn Sites
6+ Best Gay & Trans VR Porn Sites
10+ Best AI Porn Generators
3+ Best AI Girlfriend Apps
9+ Best XXX Cam Sites
15+ Best Chromecast Porn Sites
13+ Best Porn Apps
9+ Best iPhone Porn Sites
Ultimate Sound-responsive Vibrator Guide
6+ OnlyFans Alternatives
10+ Best Toys for People with Disabilities
14+ Best Mini Vibrators
13 Sex Tech Solutions for Premature Ejaculation
7-Step Guide to Camming
Watch VR Porn on Any Headset
Consent 101