World most popular dating app hacked.Security researchers discovered a loophole in Tinder , with just a phone no your Tinder Hacked.
Tinder Hacked with just a phone number
Last month it was reported that online app Tinder had security loophole which let any stranger to hack into your Tinder account .Now, Appsecure has discovered a new flaw which is could ptentialy more dengerous .
The new flwa allows attacker to get access to your account with the help of your login phone number and walah your Tinder Hacked.But good news Appsecure alredy reported that to Tinder and they alredy fixed thi issue.
As per Appsecure, the hackers could have taken advantage of two vulnerabilities to attack accounts. One is Tinder’s own API and the other is in Facebook’s Account Kit system which Tinder uses to manage the logins.
Basically, the flaw exposed the access tokens of the users. If the hacker is successful in obtaining the valid access token then he or she can easily take over a user account.
Anand Prakash from Appsecure explained how the attack works on Tinder, “The user clicks on Login with Phone Number on tinder.com and then they are redirected to Accountkit.com for login. If the authentication is successful then Account Kit passes the access token to Tinder for login.”
Most astonishing the Tinder API was not checking the client ID on the token provided by Account Kit.This enabled the attacker to use any other app access token provided by Account Kit to take over the real Tinder accounts of other users,” he added.
Appsecure has already received awards of $5,000 and $1,250 by bug bounty programs for reporting such security issue.
I hope you like this article and update your Tinder app. For now happy Tindering .Stay tuned for more .
Read our cyber security blogs and stay secure.