Tinder flaw let anyone log into your account with just a phone number

Both vulnerabilities have since been patched Security researchers with AppSecure have disclosed a multi-part vulnerability that could hav...

Both vulnerabilities have since been patched

Security researchers with AppSecure have disclosed a multi-part vulnerability that could have allowed a hacker to log into a Tinder account with just a phone number. Fortunately, the parties involved – Tinder and Facebook – were quick to address the flaws.

Tinder utilizes a service from Facebook called Account Kit that allows users to log into accounts using their mobile phone number or e-mail address. It’s billed as a reliable, easy-to-use option that gives people a choice about how they sign up for apps.

As AppSecure’s Anand Prakash highlights in a recent Medium post, AppSecure discovered that Tinder’s API was not checking the client ID on the token from Account Kit during login. Conveniently enough, Account Kit also had a bug in which an attacker could have gained access to any user’s Account Kit simply by using their phone number.

In tandem, these flaws could have let an attacker log into any Tinder account. With free rein over the account, the attacker could read private chats, access personal information, swipe left or right on matches and more.

Prakash said the vulnerabilities were quickly patched by both Facebook and Tinder. AppSecure even earned bug bounty rewards for its efforts - $5,000 from Facebook and $1,250 from Tinder.


https://www.techspot.com/news/73393-tinder-flaw-anyone-log-account-phone-number.html
Name

English News techspot.com
false
ltr
item
Techno - Gampong IT - Reference Information Technology: Tinder flaw let anyone log into your account with just a phone number
Tinder flaw let anyone log into your account with just a phone number
https://static.techspot.com/images2/news/bigimage/2018/02/2018-02-21-image-23.jpg
Techno - Gampong IT - Reference Information Technology
http://techno.gampongit.com/2018/02/tinder-flaw-let-anyone-log-into-your.html
http://techno.gampongit.com/
http://techno.gampongit.com/
http://techno.gampongit.com/2018/02/tinder-flaw-let-anyone-log-into-your.html
true
7281475864779722461
UTF-8
Tidak ditemukan artikel apapun LIHAT SEMUA Selengkapnya Balas Batal Balas Hapus Oleh Beranda HALAMAN ARTIKEL Lihat Semua REKOMENDASI LABEL ARSIP SEARCH SEMUA ARTIKEL Tidak ditemukan posting yang sesuai dengan permintaan Anda Halaman Utama Minggu Senin Selesa Rabu Kamis Jumat Sabtu Min Sen Sel Rab Kam Jum Sab Januari Februari Maret April Mei Juni Juli Agustus September Oktober November Desember Jan Feb Mar Apr Mei Jun Jul Agu Sep Okt Nov Des baru saja 1 menit lalu $$1$$ minutes ago 1 jam lalu $$1$$ hours ago Kemarin $$1$$ days ago $$1$$ weeks ago lebih dari 5 minggu yang lalu Pengikut Ikuti KONTEN PREMIUM Silakan share untuk membuka Salin Semua Code Pilih Semua Code Semua kode disalin ke clipboard Anda Tidak dapat menyalin kode/teks, silakan tekan [CTRL] + [C] (atau CMD + C dengan Mac) untuk menyalin