Tinder users' exact locations were apparently exposed for months even after a white-hat hacker discovered a security flaw and informed the company.
The popular hookup app is intended to connect smartphone users to each other by rounding distance to the nearest mile, but Include Security noticed in October that servers were giving information that would let a hacker find a user's location to within 100 feet, Bloomberg Businessweek reported.
Only "rudimentary" hacking skills were necessary to find a Tinder user to within 0.000000000000001 mile, Include Security said.
The New York City-based consulting firm looks for flawed codes in websites, apps and software. Include Security generally gives companies three months to fix the security issue before publishing the findings, founder Erik Cabetas told Bloomberg Businessweek.
Tinder was told about the problem on Oct. 23, 2013, but Include Security didn't get a real response until early December, Cabetas said.
"I wouldn't say they were extremely cooperative," he told Bloomberg Businessweek.
Include Security hacker Max Veytsman found the Tinder security flaw and documented the process in a YouTube clip and a blog post.
Tinder faced security issues last July as well that lasted at least two weeks, according to a report from Quartz. Data was revealing users' exact latitude and longitude for an undisclosed amount of time.
Tinder CEO Sean Rad did not respond to Bloomberg Businesweek's request for comment.
"We want technology companies to remember that as they're moving a million miles an hour to innovate, they need to consider security and privacy as part of the value proposition they're selling their customers," Cabetas said. "Consumers tend to avoid use of applications, cloud services, or websites that severely encroach on their privacy."
See Now: OnePlus 6: How Different Will It Be From OnePlus 5?
