Incident Response, TDR, Threat Management

Match bypass flaw discovered and fixed in dating app Tinder

Finding Facebook IDs and bypassing the match mechanism was never easier in Tinder, a popular mobile dating app that is designed to offer singles a chance to stealthily check out potential mates and connect with people who are mutually interested.

The issue has since been rectified, but on Saturday, web developer Shaked Klein Orbach blogged about an issue that would allow users to discover Facebook IDs – depending on the target's Facebook privacy settings – and leverage that credential into connecting with and identifying the person.

“We want to thank Mr. Orbach for pointing out a way to create a match with another user through manipulating certain API calls,” Sean Rad, Tinder CEO, told qz.com. “This issue is now resolved and to our knowledge no one was affected outside of Mr. Orbach's test.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.