Dating app Plenty of Fish reveals it leaked private names and zip codes of users

Researchers discovered the dating app Plenty of Fish was leaking information that users had set to private on their profiles.

Users’ names and zip codes were exposed through the app’s API, allowing malicious actors to determine a user’s exact location.

Although the data was scrambled, experts were able to reveal the information using freely available tools designed to analyze network traffic, as first reported by TechCrunch.

The discovery was made by The App Analyst, an expert in digital apps, who found that sensitive data was visible via Plenty of Fish’s API on October 20th.

A fix was developed and tested on November 5th, and on December 18th it was confirmed that the sensitive data was no longer present in Plenty of Fish’s API.


‘Initial analysis of the Plenty of Fish API showed responses contained generic logging and app data,’ The App Analyst wrote in a blog post.

‘Unfortunately the responses also contained user data which was potentially sensitive.’

‘This sensitive data included a user’s first name, even when they requested for it not to be shown, and the ZIP code of the user’s home.’

Although the data was scrambled within the API, a knowledgeable hacker could use specific tools to make it legible and find exactly where users are residing – allowing them to harass or attack them in the real world.

‘This data which is explicitly stated as “Not displayed in profile” is being returned via the API and not being rendered in the user profile,’ reads the post.

‘Plenty of Fish is being truthful in stating that the data is not “displayed” when your profile is viewed, however a technical savvy user would be able to access that data.’
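The gap described in the post, a field hidden by the client while the API still returns it, is closed by filtering on the server. The following is an added example, not Plenty of Fish's code: the field names, the `hidden_fields` setting and the sample record are constructed for illustration. It contrasts the flawed pattern with an allow-list serializer and includes an audit helper that finds hidden values anywhere in a response.

```python
# Constructed illustration: field names and the privacy model are assumptions,
# not Plenty of Fish's actual API schema.
ALWAYS_PUBLIC = {"user_id", "display_name", "age"}
OWNER_CONTROLLED = {"first_name", "zip_code"}

# Constructed sample record as it might sit in the server's database.
RECORD = {"user_id": 1001, "display_name": "hiker_42", "age": 31,
          "first_name": "Alex", "zip_code": "00000",
          "hidden_fields": ["first_name", "zip_code"]}


def naive_response(record):
    """The flawed pattern: send everything and ask the client to hide it."""
    return {"profile": dict(record), "ui": {"show_first_name": False}}


def serialize_profile(record, viewer_id):
    """Build the response from an allow-list, dropping hidden fields server-side."""
    is_owner = viewer_id == record["user_id"]
    hidden = set(record.get("hidden_fields", ()))
    out = {}
    for key in sorted(ALWAYS_PUBLIC | OWNER_CONTROLLED):
        if key not in record:
            continue
        if key in OWNER_CONTROLLED and key in hidden and not is_owner:
            continue
        out[key] = record[key]
    return {"profile": out}


def leaked_fields(payload, record):
    """Audit a response: which hidden fields' values appear anywhere in it?"""
    secret = {f: record[f] for f in record.get("hidden_fields", ()) if f in record}
    found = set()

    def walk(node):
        if isinstance(node, dict):
            for value in node.values():
                walk(value)
        elif isinstance(node, (list, tuple)):
            for value in node:
                walk(value)
        else:
            found.update(f for f, v in secret.items() if node == v)

    walk(payload)
    return sorted(found)
```

Running `leaked_fields` over recorded API responses in an integration test catches the case where a hidden value reappears in a nested logging or metadata object rather than in the profile itself.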

WHAT IS PLENTY OF FISH?

Plenty of Fish is a browser and app-based dating site.

It has around 150 million registered users worldwide.

Four million users sign in daily. 

Owner Match Group also oversees Tinder, OkCupid and Match.com.

The site will now be banning heavily filtered photos in a bid to make its dating experience more authentic.

The dating app made news earlier this month for allowing known sex offenders to use it.

Tinder, OkCupid, Plenty of Fish and other free platforms do not require users to indicate whether or not they have committed ‘a felony or indictable offense, a sex crime or any crime involving violence’.

A study found that out of 1,200 women surveyed, a third of them said they were sexually assaulted by a match from one of the dating apps – and half of them were raped.

The shocking report was published by ProPublica, a nonprofit news source that investigates abuses of power.

Tinder, OkCupid and Plenty of Fish are all owned by the same firm – Match Group, which also owns Match.com.

Although Match.com screens its paid members against state sex offender lists, it does not provide the same service to its other platforms.

A Match Group spokesperson told DailyMail.com in an email, ‘This article is inaccurate, disingenuous and mischaracterizes Match Group safety policies as well as our conversations with ProPublica.’

‘We do not tolerate sex offenders on our site and the implication that we know about such offenders on our site and don’t fight to keep them off is as outrageous as it is false.

‘We use a network of industry-leading tools, systems and processes and spend millions of dollars annually to prevent, monitor and remove bad actors – including registered sex offenders – from our apps.’

‘As technology evolves, we will continue to aggressively deploy new tools to eradicate bad actors, including users of our free products like Tinder, Plenty of Fish and OkCupid where we are not able to obtain sufficient and reliable information to make meaningful background checks possible.’

‘A positive and safe user experience is our top priority, and we are committed to realizing that goal every day.’

However, in a statement to ProPublica, a Plenty of Fish spokesperson said the company ‘does not conduct criminal background or identity verification checks on its users or otherwise inquire into the background of its users.’

 

Read more at DailyMail.co.uk