Photo credit: Shutterstock
Cybersecurity firm Pen Test Partners has uncovered multiple security flaws within a popular sex app that puts sensitive user information at risk. The app, called 3Fun, is used to arrange threesomes.
“We’ve seen some pretty poor security in dating apps over recent years; breaches of personal data, leaking users locations and more. But this one really takes the biscuit: probably the worst security for any dating app we’ve ever seen,” the report reads.
According to TechCrunch, the breach put more than 1.5 million users at risk. The leaked data included private photos, chat logs, personal information such as date of birth, and even users’ exact location.
One user’s location, for example, was pinpointed to the White House. Another? The Supreme Court.
Researchers stipulate that it’s possible that a tech savvy user rewrote their location to make it look like they had a high-profile position. Nevertheless, data breaches like these carry serious risks.
“This data can be used to stalk users in near real-time, expose their private activities and worse,” the report warns.
On July 1, 2019, Pen Test Partners founder Alex Lomas contacted 3Fun and asked them to patch the security flaws. The company responded:
Dear Alex,
Thanks for your kindly reminding. We will fix the problems as soon as possible. Do you have any suggestion?
Regards,
The 3Fun Team
Lomas said he found the company’s response to be “concerning,” considering that it suggests that the company already knew about the issues.
“They want our advice for fixing the issues? Unusual, but we gave them some free advice anyway as we’re nice. Including maybe taking the app down urgently whilst they fix stuff?” Lomas wrote.
According to Pen Test Partners, the issues have since been resolved. However, that doesn’t change the fact that these vulnerabilities existed for so long.