Disaster Group sex app leaks locations, pics and personal details. Identifies users in White House and Supreme Court - How I learned to stop worrying and love the freaks and leaks

Stoned Alex Jones

Break the wall down! https://youtu.be/V37_CpZ05mQ
kiwifarms.net

Group dating app 3Fun exposed sensitive data on 1.5 million users
Zack Whittaker@zackwhittaker / 1 day ago

More than 1.5 million users of a group dating service had their personal data exposed — including their real-time location — because of a vulnerability in the app.

The dating site, 3Fun, bills itself as a “private space” where you can meet “local kinky, open-minded people.” But the data wasn’t private at all. Ken Munro, founder of Pen Test Partners, which published its findings Thursday and shared its findings with TechCrunch, said it was “probably the worst security for any dating app we’ve ever seen.”

Pen Test Partners researchers found the app was leaking the precise location, photos and other personal details of any nearby user.

Worse, because the app wasn’t properly secured, the researchers found they could plug in any coordinates they wanted to spoof their location, revealing sensitive information on anyone within any location of their choosing, including government buildings, military bases and even intelligence agencies.

TechCrunch ran the same tests as Pen Test Partners and confirmed its findings. We were able to modify our current geolocation to any set of coordinates we wanted — including the White House and the headquarters of the CIA.

Using a man-in-the-middle tool like Burp Suite, we could capture our real location, manipulate it in transit on the way to the server and receive a batch of data for that location.


1565347418014.png
One of the exposed user records (left) and an approximate representation of several users (right)


We found profiles of users at both locations, including their sexual preferences — including sexual orientation and their preferred matches; their age; username and their partner’s username; their bio — many of which included expansive, specific and personal information on the user; and their full-resolution profile picture. In some cases, dates of birth were also exposed.

None of the data was encrypted. The researchers called the app a “privacy train wreck.”

The researchers contacted 3Fun on July 1 to report the bugs. Munro said the app maker took weeks to fix the issues.

We emailed 3Fun with several questions, but spokesperson Jennifer White did not respond to a request for comment.

It’s the latest app to fall foul of proper security standards in recent months. Jewish dating app JCrush left 200,000 user records exposed in June following a security lapse. Last year on its launch day, conservative dating app Donald Daters exposed its entire user base — at the time some 1,600 users — after leaving a set of hard-coded keys in its app, which was quickly found after a security researcher decompiled the app.

Another dating app, Coffee Meets Bagel, was breached on Valentine’s Day, no less.

Well, that’s one way to a person’s heart — hacking their dating profile.
 
Last edited by a moderator:

Clop

kiwifarms.net
This is a privacy train wreck: how many relationships or careers could be ended through this data being exposed?
What, aren't we living in the most fantabulous free love society now? The one where authors boast about cheating on their spouses and doing seventy cocks an hour? One where promiscuity is to be celebrated and you only live once so better fuck while you can?

Why, I never expected such a thing.
 

Shaved Kiwis

Mimetic Polyalloy
kiwifarms.net
Good. There is nothing more fundamentally American than humiliating politicians.
That's actually how we got the Video Privacy Protection Act. IIRC a reporter publicized all the nasty porn that a Supreme Court nominee liked to rent which freaked the fuck out of all the politicians so they cobbled together and passed a law post haste.

 

Crippled Eagle

Top Floppy Slotter 1977
True & Honest Fan
kiwifarms.net
That's actually how we got the Video Privacy Protection Act. IIRC a reporter publicized all the nasty porn that a Supreme Court nominee liked to rent which freaked the fuck out of all the politicians so they cobbled together and passed a law post haste.

No. They passed it because he made a point that "people only have privacy when specifically legislated to them." In retaliation for such a stupid comment someone leaked his rental history, which is just harmless old boomer shit. Congress fired back with the VPPA.

During debate over his nomination, Bork's video rental history was leaked to the press. His video rental history was unremarkable, and included such harmless titles as A Day at the Races, Ruthless People, and The Man Who Knew Too Much.
 
Tags
None

About Us

The Kiwi Farms is about eccentric individuals and communities on the Internet. We call them lolcows because they can be milked for amusement or laughs. Our community is bizarrely diverse and spectators are encouraged to join the discussion.

We do not place intrusive ads, host malware, sell data, or run crypto miners with your browser. If you experience these things, you have a virus. If your malware system says otherwise, it is faulty.

Supporting the Forum

How to Help

The Kiwi Farms is constantly attacked by insane people and very expensive to run. It would not be here without community support.

BTC: 1DgS5RfHw7xA82Yxa5BtgZL65ngwSk6bmm
ETH: 0xc1071c60Ae27C8CC3c834E11289205f8F9C78CA5
BAT: 0xc1071c60Ae27C8CC3c834E11289205f8F9C78CA5
LTC: LSZsFCLUreXAZ9oyc9JRUiRwbhkLCsFi4q
XMR: 438fUMciiahbYemDyww6afT1atgqK3tSTX25SEmYknpmenTR6wvXDMeco1ThX2E8gBQgm9eKd1KAtEQvKzNMFrmjJJpiino