A Hacker’s Sweet Spot: Love on Dating Platforms

Finding love in the middle of a pandemic isn’t easy. For some, dating apps have become the only options as users lock themselves away at home. But just as these platforms have become more popular, being catfished isn’t the only major concern when meeting someone new. 

12 million active users were on Bumble in 2020 alone. Imagine how much personal information gets collected (e.g. location, demographic, personal characteristics, sexual preferences), and consequently, the giant, red target that dating platforms like Bumble now have on their back. 

Many hackers have turned to dating platforms as a means for financial gain, exploiting any security vulnerability they can find to extract sensitive information, sell on the dark web or threaten to release unless a ransom is paid. With every new software patch or data store creation to store and analyze this information, companies are at risk – and the higher the risk, the higher the reward. 

According to Security Boulevard, dating platforms experienced data breaches almost every month during the pandemic. 

Here are the top 3 data security vulnerabilities that occurred within the past year:

1. MeetMindful

A hacker posted a 1.2 GB file on a publicly accessible hacker forum containing the full names, email addresses, birth dates, geo-locations, IP addresses, and more of over 2 million users. Though it’s unclear how the hacker gained access to the data, cybersecurity experts suspect it was due to a cloud misconfiguration. 

2. Grindr

Various mobile apps including Grindr were exposed to a CVE-2020-8913 vulnerability that allowed threat actors to inject malicious code into the applications, also known as code injection. This vulnerability gave them access to all resources of the “hosting application as well as access [to] data stored on other apps on the same mobile device.”

3. Bumble

An API vulnerability led to the exposure of about 100 million users’ sensitive data, including their Facebook information, weight, height, location, and more. With this data, threat actors can easily deceive and manipulate users into disclosing confidential information, referred to as social engineering, or get crafty and target users through phishing attacks. 

The last thing we expect when trying to find love is to have our information stolen, or worse, used against us. Though dating platforms are only one example, many other industries are affected by data breaches too, and the costs vary by vertical. 

In order to stay vigilant, both consumers and companies must implement proper security practices and take precautions to ensure their data is fully protected. Love doesn’t have to stop here. Learn how to secure your data from creation to deletion with Dasera. Visit www.dasera.com for more information. 


Tu Phan