Cybersecurity and ethical hacking firm Gizmodo has published a report mentioning that around 70,000 photos of Tinder female users have been leaked and exposed in a forum dedicated to cybercrime, a fact that raises concern among the cybersecurity community due to the potential malicious use of exposed files.
In a statement, public forces for the attention of sexual assaults in New York City confirmed the incident, noting that the images were discovered on a popular website among cybercriminals, dedicated to the sale of malicious software. In addition to the thousands of images, a text file containing about 16,000 unique user identifiers was also leaked. This figure could be the main indicator of the number of Tinder users affected.
It is not yet known why these photos were
collected; however, the mere existence of this database calls into question the
security measures of the dating app, as well as showing the ability of threat
actors to compromise confidential details in such a way. According to ethical
hacking experts, criminals could use these images for extortion and harassment
against the victims of the incident.
Speaking to Gizmodo, a representative of the
dating app mentioned that Tinder employees are strictly prohibited from taking
these files to external platforms, in addition to announcing actions against
this incident: “We are taking action to remove any data posted on
platforms outside of Tinder.”
However, Aaron DeVera, a researcher
collaborating as a cybercrime analyst for New
York City, believes it will be virtually impossible for Tinder to
remove information posted on external platforms, although he offered the company
responsible for this app his full collaboration.
This is not the first similar incident that
occurred in Tinder. A couple of years ago, ethical hacking specialists from the
International Institute of Cyber Security (IICS) reported the leaking of more
than 40,000 photos of Tinder users in the US, allegedly used to create a
database of facial records for test a biometric sensing system. Although Tinder
recognized this incident as a security breach and promised measures to prevent
similar incidents in the future, things don’t seem to have improved much for
users of this network.