Hackers Exploit Tinder Vulnerability, Compromise Accounts using End-Users’ Mobile Number

Only last month experts found that there was vulnerability within Tinder the dating application which if exploited can allow strangers to view the victim's photographs and matches. Evidently, Appsecure (via The Verge) reports that one fresh security flaw has emerged which appears as being potentially very destructive.

After Tinder became susceptible to an assault, hackers effectively compromised an end-user's account with that person's mobile number. The assault abused the A/C kit system of Facebook as well as one unique security flaw affecting the running of A/C kit by Tinder.

Specifically, because there was no checking by Tinder of end-users' account tokens that A/C kit produced vis-à-vis their matching client addresses, therefore attackers who hacked into account token via exploitation of the A/C kit flaw in Facebook were able to get hold over a complete Tinder account. Ubergizmo.com posted this, February 21, 2018.

Explaining the attack, Appsecure says it works by abusing two different flaws-one inside Tinder and another inside the Account Kit system of Facebook that Tinder utilizes for handling logins. The flaw actually bared end-users' access tokens, implying a hacker who acquired an active access token was able to easily compromise an end-user's account.

However, the situation has been brought under control with Tinder patching the flaw implying that end-users can safely carry on. But before the security patch, it was possible for hackers to gain hold of Tinder accounts via the vulnerability by utilizing simply one phone-number.

A Facebook representative over an interaction with The Verge stated that his company fast addressed the problem while it expressed gratitude to the expert for drawing the company's attention to it. Moreover, Tinder too responded stating it was Tinder's top priority to maintain security. Nevertheless, Tinder didn't talk about its security measures for avoiding malicious hackers as tipping off. Meanwhile, Appsecure is recipient of bounties valuing $1,250 from Tinder and $5,000 from Facebook.

According to Prakash, both Tinder and Facebook quickly patched the security flaws. What's more, Appsecure even got rewards in bug bounty to carry out its work in this regard - $1,250 and $5,000 from Tinder and Facebook separately.

» SPAMfighter News - 3/1/2018