Group Dating App 3Fun Found Exposing Millions Of Sensitive User Data

Sundar Pichai - Oct 05, 2019


Group Dating App 3Fun Found Exposing Millions Of Sensitive User Data

The app has apparently exposed sensitive user data consisting of real-time location, private pictures, and personal information like dates of birth or sexual preferences.

Dating applications have been strongly condemned for poor security in recent years. Grindr, for instance, had user location disclosure issues last year through a technique called “trilateration.” There are even more problems regarding user privacy such as breaches of personal data or sexual abuses. However, 3Fun appears to be the worst security ever for any dating app, said recently by Pen Test Partners.

3fun
3Fun appears to be the worst secured dating app ever.

3Fun describes itself as an app designed for “meeting local kinky, open-minded people for 3some and swinger style”. The platform claims 1.5 million users who are mostly based on “top cities” including New York, Los Angeles, Chicago, Houston, San Francisco, and more.

How It Leaked User Data

According to Pen Test Partners, who reported about the issues from 3Fun, the app has apparently exposed sensitive user data consisting of real-time location, private pictures, and personal information like dates of birth or sexual preferences of its users.

Previously, there have been some data exposure incidences in which hackers spoof GPS locations of users, looking at the distances from them, then getting their exact position. Rather than this “trilateration” method, 3Fun just “sends” users data to the mobile app, exposing in a GET request as below:

Groupapp2 Fw 1
The mobile app is made in a GET request

With a few steps, Pen Test Partners can get the exact location of the U.K users including one in Number 10 Downing Street, and of some users from the White House, as well as the US Supreme Court.

Experts said that data is only archived through the mobile app, not the app server. Even hidden from the app interface, the API still activates for querying as the filtering is client-side.

Pen Test Partners Reached Out To 3Fun

On detecting the problems, Pen Test Partners have reached out to 3Fun, demanding them to debug the security holes. In their reply, 3Fun expressed that they were not aware of the flaws.

Dims
Pen Test Partners reached out to 3Fun, asking them to fix the problems

The company took action immediately and fix the issues, as stated by Pen Test Partners. Nonetheless, personal data of 1.5 million users has been exposed so long on this platform, that’s a real problem.

Next Story

Read More

How To Use macOS Catalina's Voice Control Function

How To- Oct 21, 2019

How To Use macOS Catalina's Voice Control Function

If you have trouble mastering the voice control feature or just want to save some time breaking into on your own, here is our guide to help you

Vivo V17 Pro Review: Immersive Display, Quad-Camera Setup

Review- Oct 21, 2019

Vivo V17 Pro Review: Immersive Display, Quad-Camera Setup

In a word, the Vivo V17 Pro owns a few but intriguing upgrades.

Your Smart Speaker Will Monitor Your Sleeping Baby's Movement And Breathing

Features- Oct 21, 2019

Your Smart Speaker Will Monitor Your Sleeping Baby's Movement And Breathing

The smart speaker has long been used in daily lives to play music, check the weather forecast as well as search things online. Now, they can do more.

Ultrasonic Pressure-Sensitive Is The Technology For Your Next Phone

Features- Oct 21, 2019

Ultrasonic Pressure-Sensitive Is The Technology For Your Next Phone

You may have seen wearables and phones that have touch-sensitive areas, but have you ever seen a phone case completely become a touch surface?

Sophos Found 15 Malicious Apps That Can Hide Their Icons From Users

ICT News- Oct 19, 2019

Sophos Found 15 Malicious Apps That Can Hide Their Icons From Users

According to Google Play Store app pages, over 1.3 million mobile devices have downloaded 15 malicious apps

Google To Patch A Flaw That Lets iPhone Users Have Free Storage On Google Photos

ICT News- Oct 21, 2019

Google To Patch A Flaw That Lets iPhone Users Have Free Storage On Google Photos

According to Android Police, the flaw of Google Photos allows iOS users to have images stored in their original quality without considering the 15GB limit