Date: 22/02/18
Hackers could break into Tinder accounts with just a phone number
A computer programmer has revealed how he was able to hack into Tinder accounts using just a phone number.
Anand Prakash exposed a vulnerability in software which allows users of the dating app to conveniently log in to their accounts without entering a password.
The 24-year-old said hackers could gain access to a Tinder account “within seconds” if they knew the mobile phone number the victim used to log in to the app via Facebook’s Account Kit.
He said the hacker would have “full control over the victim’s account”, gaining access to their private chats and personal information and allowing them to interact with other users.
“If the hacker knew the victim's phone number used to sign in they could have used this trick to hack into Tinder accounts,” he told The Telegraph.
Mr Prakash, from Bangalore, India, added it was “very easy” to exploit the security flaw which he immediately reported to Facebook and Tinder.
It left the personal data of users at risk before it was promptly fixed, earning him a $5,000 reward from Facebook and $1,250 bounty from Tinder.
The product security engineer earns a full-time living as a bug bounty hunter through exposing and identifying major security flaws to global companies.
He has earned more than $350,000 (£250,000) to date from exploiting security loopholes, previously exposing how to get free Uber rides and how to hack into any Facebook account.
Mr Prakash is ranked among the top bounty hunters on Facebook, which offers monetary rewards to hackers based on risk, impact and other factors through its White Hat bug-finding programme.
Professor Alan Woodward, a cybersecurity expert at the University of Surrey, said the Tinder hack is “likely to be limited compared to some of the mass data breaches we’ve seen previously”.
“The vulnerability was disclosed responsibly and has now been fixed so I suspect the risk that individuals may have been compromised is relatively small,” he said. But he added the “simplicity of the exploit is troubling”.
“It’s the sort of thing that you would expect to be picked up in testing long before a security researcher finds it,” he said.
“One thing it does show is the role ethical hackers play in the security ecosystem is vital. Without them, this sort of simple exploit would inevitably become widely known.”
Tinder and Facebook have not commented on the security flaw.
©ictnews.az. All rights reserved.