Dating Site Bumble Leaves Swipes Unsecured for 100M Users
Popular dating site Bumble has accidentally exposed the personal information of 100 million users due to an API bug. The exposed information includes political leanings, education, distance, height, weight, and other sensitive data that could be of interest to hackers or foreign adversaries. Sanjana Sarda, a researcher at Independent Security Evaluators, discovered the API vulnerability and reported it to Bumble. She found that she was able to leverage the vulnerabilities to bypass payment requirements for premium services on the app as well as access personal information.
Sarda states that she was able to see sensitive data about the platform’s entire user base, which consists of roughly 100 million people. Bumble has not yet addressed the issue, which Sarda claims is a clear sign that the company needs to devote more attention to testing and vulnerability disclosure. However, Bumble’s bug-bounty host HackerOne states that the company has been collaborating with ethical hackers throughout its history.