Dating Apps Leak User Data, Risking Privacy and Safety

KU Leuven's Victor Le Pochat and Karel Dhondt on How API Vulnerabilities Expose PII
Victor Le Pochat, postdoctoral researcher, KU Leuven, and Karel Dhondt, doctoral researcher, KU Leuven

Dating apps' collection and potential leakage of exact location data present significant privacy risks. Users often reveal sensitive information, making them vulnerable to stalking, harassment or physical harm, said Victor Le Pochat, a postdoctoral researcher at KU Leuven, a Belgian research university.

Some apps "have the same vulnerabilities that Tinder had 10 years ago," Le Pochat said. "Of the 15 most popular dating apps that we looked at, all of the apps leaked data," said Karel Dhondt, a doctoral researcher at KU Leuven. "We found a staggering 99 data leaks."

Another significant concern is API vulnerabilities, where sensitive user information can be exposed due to poorly protected interfaces. While data minimization is an effective strategy, most apps do not take this approach, often prioritizing the collection and sale of user data, Dhondt said.

In this video interview with Information Security Media Group at Black Hat 2024, Le Pochat and Dhondt also discussed:

  • The types of data exposed in leaks, including personally identifiable information and usage patterns;
  • How secure coding practices and encryption reduce risks associated with dating apps;
  • How grid snapping can reduce location data accuracy.

Le Pochat is a researcher in web security and privacy. His research areas include exploring large web ecosystems, web security research methodology and analyzing and improving current research methods.

Dhondt's research areas include secure software development, security and privacy of online location-based services, integrating security measures in software engineering practices to enhance the security posture of software applications, and web security and privacy.


About the Author

Michael Novinson

Managing Editor, Business, ISMG

Novinson is responsible for covering the vendor and technology landscape. Prior to joining ISMG, he spent four and a half years covering all the major cybersecurity vendors at CRN, with a focus on their programs and offerings for IT service providers. He was recognized for his breaking news coverage of the August 2019 coordinated ransomware attack against local governments in Texas as well as for his continued reporting around the SolarWinds hack in late 2020 and early 2021.



