posted by Fnord666 on Tuesday November 17 2020, @04:08PM
from the bumbled-data dept.

Dating Site Bumble Leaves Swipes Unsecured for 100M Users:

Bumble fumble: An API bug exposed personal information of users like political leanings, astrological signs, education, and even height and weight, and their distance away in miles.

After taking a closer look at the code for popular dating site and app Bumble, where women typically initiate the conversation, Independent Security Evaluators researcher Sanjana Sarda found concerning API vulnerabilities. These not only allowed her to bypass paying for Bumble Boost premium services, but she also was able to access personal information for the platform's entire user base of nearly 100 million.

Sarda said these issues were easy to find and that the company's response to her report on the flaws shows that Bumble needs to take testing and vulnerability disclosure more seriously. HackerOne, the platform that hosts Bumble's bug-bounty and reporting process, said that the romance service actually has a solid history of collaborating with ethical hackers.

[...] She reverse-engineered Bumble's API and found several endpoints that were processing actions without being checked by the server. That meant that the limits on premium services, like the total number of positive "right" swipes per day allowed (swiping right means you're interested in the potential match), were simply bypassed by using Bumble's web application rather than the mobile version.

[...] On a more lighthearted note, Sarda also said that during her testing, she was able to see whether someone had been identified by Bumble as "hot" or not, but found something very curious.

"[I] still have not found anyone Bumble thinks is hot," she said.
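
The missing server-side check described in the story, sketched as an added example (not code from Bumble, ISE or the quoted article): a swipe endpoint that leaves the daily limit to the client, beside one that enforces it on the server. The class, the method names, the 25-swipe limit and the `is_premium` request field are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import date

FREE_DAILY_RIGHT_SWIPES = 25  # assumed limit for illustration, not Bumble's real value

@dataclass
class SwipeService:
    """Hypothetical swipe backend; every name here is illustrative."""
    premium_users: set = field(default_factory=set)  # server-side entitlement record
    counts: dict = field(default_factory=dict)       # (user_id, day) -> right swipes used
    recorded: list = field(default_factory=list)     # accepted votes

    def vote_unchecked(self, user_id, request):
        # Weak pattern: the endpoint performs the action and relies on the
        # client application to stop sending requests once the limit is hit.
        self.recorded.append((user_id, request["target_id"], request["direction"]))
        return 200

    def vote_enforced(self, user_id, request, today=None):
        # user_id comes from the authenticated session, never from the body.
        today = today or date.today()
        direction = request.get("direction")
        target_id = request.get("target_id")
        if direction not in ("left", "right") or not target_id:
            return 400
        # Entitlement is read from server state; a client-supplied
        # "is_premium" field in the request is ignored.
        if direction == "right" and user_id not in self.premium_users:
            key = (user_id, today)
            used = self.counts.get(key, 0)
            if used >= FREE_DAILY_RIGHT_SWIPES:
                return 429  # same answer whichever client sent the request
            self.counts[key] = used + 1
        self.recorded.append((user_id, target_id, direction))
        return 200

def simulate(handler, n_requests, user_id="u1", premium=(), extra=None):
    """Send n right swipes (constructed requests); return how many were accepted."""
    svc = SwipeService(premium_users=set(premium))
    accepted = 0
    for i in range(n_requests):
        body = {"target_id": f"t{i}", "direction": "right", **(extra or {})}
        if handler == "unchecked":
            status = svc.vote_unchecked(user_id, body)
        else:
            status = svc.vote_enforced(user_id, body, today=date(2020, 11, 17))
        accepted += (status == 200)
    return accepted
```
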


  • (Score: 2) by Freeman on Tuesday November 17 2020, @05:24PM (2 children)

    by Freeman (732) on Tuesday November 17 2020, @05:24PM (#1078350) Journal

    I'm guessing it's a per user kind of thing, at least that would make the most sense to me. Why would I care about your version of hot except as it applies to me? If I was using the site, I would care what my version of hot is. Or a mutual hotness factor, so I think you're hot and you think I'm hot, so let's get together kind of thing.

    --
    Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
  • (Score: 2) by RS3 on Tuesday November 17 2020, @05:53PM (1 child)

    by RS3 (6367) on Tuesday November 17 2020, @05:53PM (#1078362)

    Maybe it's the number of right-swipes vs. left-swipes?

    • (Score: 1, Offtopic) by Freeman on Tuesday November 17 2020, @06:29PM

      by Freeman (732) on Tuesday November 17 2020, @06:29PM (#1078375) Journal

      Beats me, I already had my girl, before most *all?* of the current online dating sites even existed. Certainly, before it became a common practice.

      --
      Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"