Massive security flaw in Tinder exposed users’ exact locations

A MASSIVE security flaw in the hook-up app Tinder made it possible for hackers to find users' exact locations for up to 165 days.

Tinder is supposed to give its users a rough idea of how close they are to each other, with distance rounded to the nearest mile or kilometre. But this flaw let any hacker with 'rudimentary” skills pinpoint someone's location to within 30 metres, Businessweek reports.

The flaw was discovered by a white-hat hacking company called Include Security, which finds problems in popular websites and software, gives companies three months to fix the problem, then publishes its findings.

Include Security's founder, Erik Cabetas, says Tinder was told about the security flaw on October 23. There was no reply until December 2, when a Tinder employee asked for more time to fix the security hole.

'I wouldn't say they were extremely cooperative,” he says.

Cabeta tells Businessweek the problem was fixed before the start of 2014, but Tinder has never publicly acknowledged the fact that it existed.

You can read the details of how the flaw was found, and how Tinder responded, in this blog post. It was written by Max Veytsman, the Include Security hacker who discovered the issue.

Tinder has encountered security problems before. Last July, Quartz reported on a flaw that revealed users' exact latitude and longitude for several weeks.

Tinder has yet to comment on the latest revelations.