If you've been using the popular dating app Tinder, which is supposed to help you find potential partners in your own neighborhood (rather than hundreds or thousands of miles away) be warned: a hacker with the most rudimentary of hacking skills can use the device to pinpoint your exact physical location to within 100 feet.
Or could use the device for this — the security flaw has allegedly been fixed. But Tinder isn't offering any details about it, not even to say how long the security breach existed — outsider estimates suggest a range of anywhere from 40 to 165 days.
This news didn't come out because Tinder warned its users about the security risk, but because a “white hat hacking” company called Include Security discovered the flaw.
As BusinessWeekreported on Feb. 19, Include discovered the Tinder security flaw and told Tinder about it on Oct. 23, yet did not get a “meaningful response” from the company until Dec. 2, when a Tinder employee requested more time to fix the problem. The security flaw was (so far as anybody knows) fixed on or by Jan. 1 of this year — though, once again, Tinder never informed its users about it.
The hundred-foot location hack is not the first Tinder security breach, nor the first time the company kept silent about it: last July, when Quartz.com discovered and asked Tinder about a similar security breach, Tinder claimed it only lasted for “a few hours” when in reality it lasted up to two weeks. In November, a Dutch web developer discovered yet another security loophole that exposed users' email addresses to strangers.
As of presstime, we don't know of any currently existing flaws in Tinder security protections — but then again, history suggests that if any such flaws do exist, Tinder's not likely to admit it anyway.