tech2 News Staff, Feb 22, 2018 16:20:52 IST
According to a report on The Verge, both companies have fixed the flaw, and there is no evidence of any data being leaked because of the security vulnerability. The security flaw allowed access to an account using Facebook AccountKit, a platform that lets people quickly register and log in to an app using a phone number and email address.
According to a blog post by AppSecure, when a user clicks 'Login with phone Number' on Tinder.com, she/he is then redirected to Accountkit.com for login. "If the authentication is successful then Facebook Account Kit passes the access token to Tinder for login."
The flaw on the dating platform Tinder and Facebook AccountKit was that the Tinder API did not check the Client ID on the token provided by Account Kit. This enabled hackers to use any other app's token provided by Account Kit to take over Tinder accounts.
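The missing Client ID check described above, shown as an added example (not code from Tinder, Facebook or AppSecure): a relying app's login handler without and with the check that a token was issued for that app. The `LoginProvider` class, the app IDs and the phone number are constructed stand-ins and do not reproduce the Account Kit API.

```python
import secrets

OUR_APP_ID = "dating-app"    # hypothetical client ID of the relying app
OTHER_APP_ID = "other-app"   # hypothetical client ID of an unrelated app


class LoginProvider:
    """Constructed stand-in for a phone-number login provider."""

    def __init__(self):
        self._tokens = {}

    def issue_token(self, app_id, phone):
        # The provider records which app each token was issued for.
        token = secrets.token_urlsafe(16)
        self._tokens[token] = {"app_id": app_id, "phone": phone}
        return token

    def introspect(self, token):
        # Returns the token's metadata, or None for an unknown token.
        return self._tokens.get(token)


def login_unchecked(provider, token):
    """Flawed: any token the provider knows is accepted."""
    info = provider.introspect(token)
    return info["phone"] if info else None


def login_checked(provider, token, expected_app_id=OUR_APP_ID):
    """Hardened: the token must have been issued for this app."""
    info = provider.introspect(token)
    if info is None or info["app_id"] != expected_app_id:
        return None
    return info["phone"]


def demo():
    provider = LoginProvider()
    phone = "+10000000000"  # constructed sample value
    own = provider.issue_token(OUR_APP_ID, phone)
    foreign = provider.issue_token(OTHER_APP_ID, phone)
    return {
        "unchecked_foreign": login_unchecked(provider, foreign),
        "checked_foreign": login_checked(provider, foreign),
        "checked_own": login_checked(provider, own),
    }


if __name__ == "__main__":
    print(demo())
```

The same rule applies to any delegated login: the relying service compares the client or audience identifier bound to the token against its own before creating a session.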
The blog also mentioned the 'exploit steps' that could be followed to break into a Tinder account; the flaw has now been patched.
The report also mentioned that the flaw was reported to Facebook and Twitter earlier this year and that both companies awarded the researcher $5,000 and $1,250 respectively under their bug bounty programs.
AppSecure is an Indian security firm founded by Anand Prakash, an ex-Flipkart security engineer.