news details |
|
|
| Hackers can crack your Tinder account password with just a phone number | | | Agencies
It was reported last month that online dating app Tinder had a security flaw which allows strangers to see your photos and matches. Now, Appsecure has discovered a new flaw which is potentially more damaging.
The new vulnerability allows infiltrators to get access to your account with the help of your login phone number. But there is no need to worry because the good news is that after being alerted by Appsecure, Tinder has fixed the issue.
According to Appsecure, the hackers could have taken advantage of two vulnerabilities to attack accounts. One is Tinder's own API and the other is in Facebook's Account Kit system which Tinder uses to manage the logins
Basically, the vulnerability exposed the access tokens of the users. If a hacker is successful in obtaining the valid access token then he/she can easily take over a user account.
Anand Prakash from Appsecure explained how the attack works on Tinder, "The user clicks on Login with Phone Number on tinder.com and then they are redirected to Accountkit.com for login. If the authentication is successful then Account Kit passes the access token to Tinder for login."
"Interestingly, the Tinder API was not checking the client ID on the token provided by Account Kit.This enabled the attacker to use any other app's access token provided by Account Kit to take over the real Tinder accounts of other users," he added.
Appsecure has already received awards of $5,000 and $1,250 by Facebook and Twitter through the companies' bug bounty programs for reporting such security flaws. |
|
|
|
|
|
|
|
|
|
|
|
|
| |
| |
|
|
|
|
 |
|
|
|
|
STOCK UPDATE |
|
|
 |
| BSE
Sensex |
 |
| NSE
Nifty |
|
|
| |
CRICKET UPDATE |
|
|
|
|
| |
| |
|
|
| |
|
|
|
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
