A huge vulnerability in group dating app 3fun has been found by security researchers which allowed anyone to find the personal information, chat data, private photos, and real time location data of any of the other apps’ 1.5 million users.
The discovery was made by Pen Test Partners, who said that 3fun has “probably the worst security for any dating app we’ve ever seen.”
The discovery comes as dating apps are facing renewed scrutiny over the amounts of intensely personal information they hold about their users.
TechCrunch notes that multiple dating apps including Jewish dating app JCrush, conservative dating app Donald Daters, and Coffee Meets Bagel have all reported data breaches in the past couple of years, and there are ongoing concerns over Grindr’s ownership by a Chinese company.
Pen Test Partner’s security researchers discovered that 3fun was storing its users location data in the app itself, rather than keeping it securely on its servers.
This meant it was a trivial task for the researchers to reveal the data on the client side, even when users are supposedly restricting their location data.
