Clicky

Plenty of Fish reportedly leaks users’ real names and zip codes

App Analysis reports user data has been exposed.

If you’re tired of censorship and surveillance, subscribe to Reclaim The Net.

It seems that no online service is safe from data leaks these days. But every now and then it’s particularly frustrating because it happens due to negligence on the service’s part, making it absolutely avoidable.

One such case is dating app Plenty of Fish. Security research website The App Analyst published a report on their blog today outlining the reveal. The app was always silently returning users’ first names and postal ZIP codes, even when hidden by the user.

Source: App Analysis

It’s worth noting that the leaked data was not immediately visible to app users, and to give credit where due, it was also scrambled to make it difficult to read. But with the help of freely available network traffic analysis tools, the researcher was able to reveal users’ personal information. This information could easily be used to find someone’s physical home address.

Fortunately, Plenty of Fish was quick to respond to the bug report that The App Analyst submitted, pushing out a hot fix for the ability to reveal a users home ZIP code. However they did not address the also troublesome ability to view information explicitly marked as “not displayed in profile” that is easily visible using their API.

Some such information that is still visible includes things like income level, marital status of the person’s parents, number of siblings and even whether the person is the oldest. It seems that Plenty of Fish has no issue with this information being easily accessible as they have not released a fix for it or addressed it at all.

This raises a greater question of responsibility. In a lot of these “avoidable” cases, many argue that they never would have happened had the company been more diligent and handled the data responsibility from the beginning, rather than waiting for a leak before they start plugging security holes. By which time the data is already out there.

This is particularly troublesome since dating apps have been in the news lately after being used to lure and assault users, sometimes based on orientation and other times after a conversation went wrong, leaving someone bitter.

If you’re tired of censorship and surveillance, subscribe to Reclaim The Net.

Read more

Share this post

Reclaim The Net Logo

Join the pushback against online censorship, cancel culture, and surveillance.

Already a member? Login.