Subscribe

Criminals hijack 70K women’s photos from Tinder

Admire Moyo
By Admire Moyo, ITWeb's news editor.
Johannesburg, 21 Jan 2020

More than 70 000 photos of dating platform Tinder users are being shared by members of an online cyber crime forum.

This is according to a report by Gizmodo, which says this raises concerns about the potential for abusive use of the photos.

Ominously, the report says, only women appear to have been targeted.

Aaron DeVera, a member of New York City’s task force on cyber sexual assault, told reporters they discovered the images on a Web site known for trading in malicious software.

While DeVera did not disclose the name of the Web site, he said the dump was accompanied by a text file containing some 16 000 unique Tinder user IDs, which could be the total number of users affected.

Nonetheless, he tweeted: “This collection is concerning because it is a perfect candidate for fraudsters to make fake profiles and personas all over the Web. Not only that, but many of them will not be indexed by reverse image searches.”

He pointed out that dumps of data such as this typically attract fraudsters, who use it for making large collections of convincing fake accounts on other platforms.

Stalkers might use this in a more targeted manner, in an effort to add to a collection of data to use against an individual, noted DeVera, adding the long-term concern is that these pictures could be used for fraud and privacy violations.

According to Gizmodo, a Tinder official says since the incident, the company has invested additional resources in an effort to address misuse of its app.

Initially released in 2012, Tinder is a location-based social search mobile app and Web application most often used as a dating service, that allows users to use a swiping motion to like or dislike other users, and allows users to chat if both parties like each other.

Tinder had 5.2 million paying subscribers at the end of 2019's second quarter, up 1.5 million from the year-ago quarter and up 503 000 from the first quarter of 2019.

In a statement issued to ITWeb, Tom Chivers, digital privacy advocate at ProPrivacy, says the news that Tinder has suffered a hack of this magnitude is hugely problematic for the dating giant.

“The fact that the hack, discovered by white ops researcher Aaron DeVera, targeted only women suggests this data dump could be used for the creation of fake profiles on other dating sites. A worrying implication for the users affected, given they could now have their data used for catfishing or fraudulent accounts they have nothing to do with,” Chivers says.

“If you aren’t willing to offer up photos of yourself, you aren’t allowed on the app; this is how Tinder operates.”

Chivers notes the dating giant, part of Match Group and owned by InterActiveCorp, is therefore duty-bound to protect this data.

He adds that Tinder, as well as others in the Match Group cohort, state in their privacy policy that they share user data with the entirety of IAC (InterActiveCorp) – “so, sadly, it isn’t just hackers that users may be inadvertently sharing their data with”.

This data breach is not without precedent, as Tinder photos have been misused plenty of times, Chivers says.

Three years ago, he notes, 40 000 photos surfaced in an online forum – the purpose, reportedly, was to train facial recognition algorithms.

“While Tinder explicitly says in its terms and conditions that they prohibit the use of scraping tools, hackers have found ways to backwards-engineer API capabilities and collect data en masse. This does not bode well for the privacy and security of their users, especially when targeted phishing campaigns can be leveraged against their most intimate data.

“In the world of dating, safe spaces are essential. Tinder has to do better when it comes to securing the data of its users, both from hackers and the third-parties it willingly shares your information with.”

Share