And in further proof that privacy barely exists anymore, a popular new
hookup social media app turns out to have had a huge security flaw that was broadcasting your GPS location and all your Facebook data for anyone who could find it. That app would be Tinder, and though initial reports suggested that the flaw was fixed within hours, a software engineer familiar with the issue says he first emailed the company about it on July 8. It was not fixed for two weeks.
Valleywag is making a fuss about it not because of the egregiousness of the flaw itself, which was really only useful to tech-savvy folk on the same wireless network as you, but because Tinder isn't being very honest about it, for fear of losing users, obviously. Tinder CEO Sean Rad issued a statement yesterday insisting that the data- and location-exposing flaw was "very, very, very brief" and was patched quickly, but that seems to be a lie.
Software engineer Michael Soares shared an email string showing that he first alerted the company to the flaw on July 8, and someone responded saying they were fixing it on July 15. It was not until July 23 that news went public about the problem, which some hackers also exposed and talked about over the weekend.
To be clear, the flaw basically allowed an experienced hacker/software person to launch a "man-in-the-middle" attack while on another user's wi-fi network, allowing them access to the user's name, birthdate and other Facebook info, and their last exact GPS location when they were last running the app.