
Dating app Bumble takes 6 months to fix vulnerabilities – report

Gelo Gonzales

BUMBLE. An AFP journalist holds his phone showing the dating application Bumble on February 26, 2020 in Washington, DC.

Photo by Eric Baradat/AFP

The security report finds information such as a Bumble user's liked Facebook pages and match preferences had been easy to steal

Forbes on Sunday, November 15, reported vulnerabilities in the dating app Bumble that would have put its 95 million users at risk.

The business magazine cited US-based Independent Security Evaluators (ISE), which found that the vulnerabilities had been open for at least 200 days since the cybersecurity organization alerted Bumble.

If the Bumble account used a Facebook account as a log-in, the vulnerabilities would have allowed hackers to steal information on pages the user has liked, the kind of person the user wants to match with, and all the photos they uploaded to the app.

The hacker would have also had access to premium Bumble features.

The vulnerability can be traced to the app’s application programming interface (API), or the software that instructs a program how to access data from a computer.

ISE security analyst Sanjana Sarda told Forbes that Bumble’s API didn’t do the “necessary checks” or impose the limits that would have stopped a hacker from probing the Bumble server for user information.

Forbes reported that it took Bumble 6 months to fix the problems – problems that Sarda said would have required easy fixes. Sarda reported the vulnerabilities back in March 2020, and they were fixed in November 2020.

A Bumble spokesperson told Forbes:

“Bumble has had a long history of collaboration with HackerOne and its bug bounty program as part of our overall cyber security practice, and this is another example of that partnership.

After being alerted to the issue we then began the multi-phase remediation process that included putting controls in place to protect all user data while the fix was being implemented. The underlying user security related issue has been resolved and there was no user data compromised.”

Especially for dating apps, privacy is an important concern for users. – Rappler.com


Gelo Gonzales

Gelo Gonzales is Rappler’s technology editor. He covers consumer electronics, social media, emerging tech, and video games.