It seems that no online service is safe from data leaks these days. But every now and then it’s particularly frustrating because it happens due to negligence on the service’s part, making it absolutely avoidable.
One such case is dating app Plenty of Fish. Security research website The App Analyst published a report on their blog today outlining the findings. The app was always silently returning users’ first names and postal ZIP codes, even when hidden by the user.
It’s worth noting that the leaked data was not immediately visible to app users, and to give credit where due, it was also scrambled to make it difficult to read. But with the help of freely available network traffic analysis tools, the researcher was able to reveal users’ personal information. This information could easily be used to find someone’s physical home address.
Fortunately, Plenty of Fish was quick to respond to the bug report that The App Analyst submitted, pushing out a hotfix for the ability to reveal a user’s home ZIP code. However, they did not address the also troublesome ability to view information explicitly marked as “not displayed in profile”, which is easily visible using their API.
Information that is still visible includes income level, marital status of the person’s parents, number of siblings and even whether the person is the oldest. It seems that Plenty of Fish has no issue with this information being easily accessible, as they have not released a fix for it or addressed it at all.
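The pattern described above, where the API sends hidden fields and relies on the app not to display them, is shown here next to a server-side filter and a response check a defender could run in regression tests. This is an added example, not code from The App Analyst's report or from Plenty of Fish; the field names, record layout and function names are assumptions and the sample record is constructed.

```python
# Allowlist of fields the API may ever return to another user (assumed names).
VIEWABLE = {"username", "age", "first_name", "zip_code", "income_level",
            "parents_marital_status", "sibling_count", "is_oldest_child"}

# Constructed sample record; "hidden" holds the fields the owner marked
# "not displayed in profile".
PROFILE = {
    "user_id": 1001,
    "email": "sample@example.invalid",
    "fields": {"username": "sample_user", "age": 31, "first_name": "Alex",
               "zip_code": "00000", "income_level": "constructed",
               "parents_marital_status": "constructed",
               "sibling_count": 2, "is_oldest_child": True},
    "hidden": {"first_name", "zip_code", "income_level",
               "parents_marital_status", "sibling_count", "is_oldest_child"},
}

def serialize_client_side_hiding(profile):
    """Pattern the article describes: send everything, let the app hide it."""
    return {"fields": dict(profile["fields"]),
            "hidden": sorted(profile["hidden"])}

def serialize_server_side(profile, viewer_id):
    """Drop hidden and non-allowlisted fields before the response is sent."""
    fields = profile["fields"]
    if viewer_id == profile["user_id"]:
        return {"fields": dict(fields)}  # owners still see their own data
    allowed = VIEWABLE - profile["hidden"]
    return {"fields": {k: v for k, v in fields.items() if k in allowed}}

def leaked_fields(response, hidden):
    """Walk a decoded JSON response; report hidden keys that carry a value."""
    found = set()
    stack = [response]
    while stack:
        node = stack.pop()
        if isinstance(node, dict):
            for key, value in node.items():
                if key in hidden and value is not None:
                    found.add(key)
                stack.append(value)
        elif isinstance(node, list):
            stack.extend(node)
    return sorted(found)
```

Running `leaked_fields` against every profile endpoint in an automated test, with a second user's session as the viewer, catches this class of exposure before release.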
This raises a greater question of responsibility. In a lot of these “avoidable” cases, many argue that they never would have happened had the company been more diligent and handled the data responsibly from the beginning, rather than waiting for a leak before they start plugging security holes, by which time the data is already out there.
This is particularly troublesome since dating apps have been in the news lately after being used to lure and assault users, sometimes based on orientation and other times after a conversation went wrong, leaving someone bitter.