Culture
Plenty of Fish app left private user information sitting out for hackers to grab
The vulnerability has since been fixed with an app update.
Plenty of Fish hasn’t had the greatest track record when it comes to its users’ safety. Now a new report from The App Analyst reveals that the dating app has been quietly leaking information from private user profiles. A solution has already been rolled out via an update to the app.
A minimal leak — The leaked data amounts to users’ first names and zip codes, and it was scrambled to make it difficult to interpret. Other data that users have been promised is private — such as household income, marital status, or number of siblings — are also readily available via the app’s API.
Still a leak, nonetheless— Though the leaked data wasn’t exactly popping up for users to read, it also wouldn’t be difficult to find and interpret with some basic networking analysis tools. The App Analyst was even able to find one user’s exact address by using the leaked data.
Private doesn’t always mean what you think — Much of the data users share with Plenty of Fish is “private” in the sense that it’s not displayed on their profile. But what users didn’t realize was that this privacy only extended so far — it was still ready to be picked up by any schmuck with a free network analyzer and too much free time.
The leak is a useful reminder that any information you volunteer to an app can be mishandled, despite promises of privacy. Even minor vulnerabilities have the potential to be dangerous.