For those not in the know, Tinder is a sort of hookup app that works a bit differently than your traditional dating site: Users share their location with the app so Tinder can say hey, there’s someone nearby if you want to meet them. But birth dates and more specific location data of where you are aren’t supposed to show up to other users, and neither is your Facebook profile, as users are identified on the app by just first name. All of that was exposed during a recent security breach, which yesterday Tinder said lasted only a few hours, but a new report says that was the case for weeks.
The worry here, of course, is that if someone on the same wireless network as you are knows your full name, date of birth and location, stalking can become way too easy.
Valleywag points to a software engineer who revealed on Facebook and Twitter that he’d found the privacy hole on July 8, weeks ahead of when the issue was first reported. He says he emailed Tinder on that date, outlining the flaws and alerting the company to what could be a big problem.
It took a Tinder representative a week to write back, after he’d tried contacting the company yet again on Twitter on July 14 to notify someone that the breach was still there.
But how can this be? That’s more than an hour. Both Valleywag and Quartz reported yesterday that Tinder had quite definitely said any security lapse allowing users to figure out your exact location and Facebook only lasted briefly.
“We had a very, very, very brief security flaw that we patched up very quickly,” Tinder CEO Sean Rad told Zachary M. Seward of Quartz. “We were not exposing any information that can harm any of our users or put our users in jeopardy.”
Okay, so how brief is brief? Hours, a rep assured Valleywag’s Sam Biddle.
“We take the privacy of our users very seriously and have taken the appropriate measures to ensure that our user data cannot be accessed from anyone inside or outside the company. We became privy to a minor security flaw related to one of our releases and patched it up within hours of that release.”
Tinder hasn’t replied to the latest reports or informed users about the security situation on its blog or through email.