TECH CRUNCH - Aug 8 - The researchers from Pen Test Partners called the app a "privacy train wreck." ~1.5M users of the group dating app had their personal data exposed, including their real-time location, because of a vulnerability in the app. 3fun bills itself as a "private space" for kinky, open-minded people. Because the app wasn't properly secured, the researchers found they could plug in any coordinates they wanted to spoof their location, revealing sensitive information on anyone within any location of their choosing, including government buildings, military bases, and intelligence agencies. The researchers contacted 3fun on July 1 to report the bugs. Munro said the app maker took weeks to fix the issues.
Comments