Group sex app with ‘worst security ever seen’ exposes users in White House & Downing St
The app is described as a “Curious Couples & Singles Dating” platform. One would think that security would rank fairly high on the agenda for such a service; however that was clearly not the case as the Pen Test Partners security researchers, who discovered the vulnerability, described what they felt was “probably the worst security for any dating app we’ve ever seen.”
Personal information, sexual preferences, private photos, chat data and users’ real time locations were all exposed due to 3fun’s shoddy security practices.Also on rt.com Snapchat sex scandal: Aussie athlete accused of sending genital pictures to underage teammates
The leak was due to 3fun storing its users’ location data in the app itself, as opposed to keeping it securely on its servers. This allowed the researchers to uncover the data on the client side, even for users who had restricted their location data.
The vulnerability meant that Pen Test Partners could discover the locations of 3fun’s users around the globe. Amazingly users were found in the White House, the US Supreme Court, and at 10 Downing Street in London. However the security experts did concede that it’s “technically possible” that these users faked their locations.
Pen Test Partners made 3fun aware of the bugs on July 1; however, it took weeks to address the issues. TechCrunch was able to independently verify the app’s vulnerability.
Like this story? Share it with a friend!