scorecardresearch
Business Today
Subscribe
PMS Today US News India UPSTART Weather BT Shorts NRI Education Election
BT Golf BT Mindrush BT Best Banks
Clear all
Search

COMPANIES

No Data Found

NEWS

No Data Found
Sign in Subscribe
events
Special
  • BT tech today
  • BT 500 wealth creators summit
  • Economic Indicators
News
TECHNOLOGY
Security bug in dating app Bumble could have exposed exact location of users

Feedback

Security bug in dating app Bumble could have exposed exact location of users

A security researcher has unearthed a vulnerability on Bumble that could have allowed attackers to get the precise location of the other users.

Join Our WhatsApp Channel
SUMMARY
  • A security bug on popular dating app Bumble could have exposed the exact location of users.
  • A security researcher has unearthed a vulnerability on Bumble that could have allowed attackers to get the precise location of users.
  • The vulnerability has now been patched after Heaton reported it to the company via HackerOne.

A security bug on popular dating app Bumble could have exposed the exact location of users. A security researcher has unearthed a vulnerability on Bumble that could have allowed attackers to get the precise location of the other users. Bumble is a hit amongst the users primarily because it lets women make the first move. Women find this dating app safer than the other dating apps available because, without their permission, no man can message them. However, the latest bug could have done a lot of harm to the women users specially.

Researchers Robert Heaton, who works at Stripe, discovered the bug on Bumble that could have allowed attackers to get the precise location of other users via trilateration. After conducting rigorous tests, he reported his findings in a blog post and was also awarded a bug bounty of $2,000.

Heaton's findings reveal that if the bug were to be exploited by cybercriminals, they could use the Bumble app to find out the exact home address of users and keep a track of their movements.
Notably, Bumble does not update the live location of the users, so it would have been practically impossible for the attacker to derive the exact location of the user. However, the bug could have provided some idea about the person's whereabouts to the attacker.

"Like most online dating apps, Bumble tells its users how far away they are from each other. This enables users to make an informed decision. But it is very important that Bumble doesn't reveal a user's exact location. This could allow an attacker to deduce where the user lives, where they are right now, and whether they are an FBI informant," Heaton said.

If you are a Bumble user, you do not have to worry as the vulnerability has now been patched after Heaton reported it to the company via HackerOne. Bumble rewarded him with a bug bounty of $2,000. The bug was reported to Bumble on n June 15, 2021, and Bumble fixed the issue on June 18, 2021.

On a related note, Bumble and other dating apps including Bumble, Hinge, Tinder, OkCupid have started displaying the status of their vaccination on their profiles. Bumble also allows users to host virtual date nights. So instead of stepping out, you can video chat with your match straight from the app.

For Unparalleled coverage of India's Businesses and Economy – Subscribe to Business Today Magazine

Published on: Aug 28, 2021, 5:42 PM IST
Subscribe To Newsletter
Follow Us on Channel
×

Top Stories TOP STORIES

TOP VIDEOS

market today

Advertisement