It was reported last month that online dating app Tinder had a security flaw which allows strangers to see your photos and matches. Now, Appsecure has discovered a new flaw which is potentially more damaging.The new vulnerability allows infiltrators to get access to your account with the help of your login phone number. But there is no need to worry because the good news is that after being alerted by Appsecure, Tinder has fixed the issue.According to Appsecure, the hackers could have taken advantage of two vulnerabilities to attack accounts. One is Tinder's own API and the other is in Facebook's Account Kit system which Tinder uses to manage the logins.
Basically, the vulnerability exposed the access tokens of the users. If a hacker is successful in obtaining the valid access token then he/she can easily take over a user account.Appsecure has already received awards of $5,000 and $1,250 by Facebook and Twitter through the companies' bug bounty programs for reporting such security flaws.
.jpg)
.JPG)
