Myce.com

Bumble Bug Exposes Data of 100 Million Users

By Maricar Sze - November 17, 2020

Popular dating website Bumble reportedly suffered from an application programming interface (API) bug that left approximately 100 million users vulnerable. According to Threatpost, the company left the security flaws in question unpatched for over six months.

In an article published on Sunday, November 15, 2020, Forbes cited a report released by Independent Security Evaluators (ISE). The San Diego-based security researchers reportedly found that malicious hackers could still gain access to the information of Bumble users even after being banned from the site.


Apart from this, the report also made it clear that threat actors could acquire the identities of daters using the app. If the app was connected to a user’s Facebook account, the security researchers found that they could also see the interests or pages a person may have liked, notes Forbes.

Bumble API Bug Exposes Users' Data

The security researchers also said that the vulnerabilities would have allowed hackers to steal photos uploaded to the app and to determine the type of individual a user wants to date or match with. Users' location settings may also be exposed through the bug.


Hackers may also gain access to premium features on Bumble, such as getting unlimited votes and advanced filtering.

Sanjana Sarda, a security researcher from ISE, found that Bumble's API failed to perform the necessary checks, and so failed to protect users from being exploited by malicious accounts.
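The class of flaw described above (banned accounts still served, premium features reachable without entitlement) comes down to checks the server does not make on each request. The sketch below is an added illustration, not Bumble's code and not taken from the ISE report; every account, token, action name and limit in it is hypothetical and constructed for the example.

```python
from dataclasses import dataclass

@dataclass
class Account:
    user_id: str
    banned: bool = False
    premium: bool = False
    votes_today: int = 0

# Constructed sample state (hypothetical accounts and session tokens).
ACCOUNTS = {
    "u1": Account("u1"),
    "u2": Account("u2", banned=True),
    "u3": Account("u3", premium=True),
}
SESSIONS = {"tok-u1": "u1", "tok-u2": "u2", "tok-u3": "u3"}
FREE_DAILY_VOTES = 2                      # assumed free-tier limit
PREMIUM_ACTIONS = {"advanced_filter"}     # assumed premium-only action

def handle_weak(token, action, client_claims=None):
    """Missing checks: any known token is served, whatever the account state."""
    if token not in SESSIONS:
        return 401
    return 200    # ban status, entitlement and vote limits are never consulted

def handle_checked(token, action, client_claims=None):
    """Same endpoint with server-side checks; client_claims is deliberately ignored."""
    user_id = SESSIONS.get(token)
    if user_id is None:
        return 401                        # unknown session
    acct = ACCOUNTS[user_id]
    if acct.banned:
        return 403                        # ban enforced at the API, not only in the app
    if action in PREMIUM_ACTIONS and not acct.premium:
        return 402                        # entitlement read from server state
    if action == "vote":
        if not acct.premium and acct.votes_today >= FREE_DAILY_VOTES:
            return 429                    # limit counted on the server
        acct.votes_today += 1
    return 200
```
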

Moreover, Threatpost states that Sarda also found that the “wish” data from Bumble could be retrieved, with profiles containing various information. This includes the user’s personal information, political leanings and affiliations, height, weight, education, and even astrological sign.

Of this, Sarda said that “this is a breach of user privacy as specific users can be targeted, user data can be commodified or used as training sets for facial machine-learning models, and attackers can use triangulation to detect a specific user’s general whereabouts.”

In a statement to Forbes, Bumble said that “After being alerted to the issue we then began the multi-phase remediation process that included putting controls in place to protect all user data while the fix was being implemented. The underlying user security-related issue has been resolved and there was no user data compromised.”

Bumble's relationship with HackerOne allowed it to proceed with the fix, albeit half a year later. Forbes revealed that Sarda initially disclosed the API vulnerability back in March.

Sarda said in her blog post that when she checked again, after more than 200 days of exposure, the issue was still active on November 1, 2020. Bumble only started working on a fix for the bug earlier this month.
