Orbach says users are able to trick Tinder into making matches with people who don’t express interest in each other. (Quartz was the first to spot his blog post.)
When such a match is made, both parties gain access to important information like personal email addresses.
The flaw comes after it was revealed that the app could pinpoint a potential match’s exact location.
Orbach’s post explains how he was able to do it.
To use the app, a user sets up a profile that is synced to a social media profile. Once pictures are uploaded and the profile is set, users can view a series of pictures and click yes or no, hoping they meet their match.
Orbach manipulated a few lines of code and illustrated how easy it was for him to obtain someone’s Facebook information and email address.
Essentially, this violates the core function of the app, which is that date-matching be relatively anonymous.
Orbach’s effort to uncover this error received attention from Tinder’s CEO Sean Rad. Quartz’s Zach Seward posted the following response:
We want to thank Mr. Orbach for pointing out a way to create a match with another user through manipulating certain API calls. This issue is now resolved and to our knowledge no one was affected outside of Mr. Orbach’s test. We are committed to taking all necessary steps to ensure the privacy of our users and we appreciate the help and support of great engineers like Mr. Orbach.
It’s unknown whether the repair has been issued, but expect it to be included in the next update.