Men unknowingly flirt with one another thanks to Tinder hack
Hacker’s fake female profiles lure men to chat each other up to highlight harassment issues
Men using Tinder mistakenly flirted with each other after a developer pulled a prank that exposed a serious flaw in the causal dating app.
The developer created a series of fake profiles purporting to be single women, and men who messaged these profiles were matched with one another, instead, according to The Verge.
These fake profiles were used by the Californian hacker to send men's flirty messages back and forth to one another until they discovered the true gender of the person they thought they were speaking to.
The developer told The Verge he did it as an experiment to make men more aware of the kinds of messages they send women which can be aggressively sexual or harassing in nature.
"The original idea was to throw that back into the face of the people doing it to see how they would react," he said.
Exploiting the Tinder API, he discovered there were few security measures to prevent him subverting it to "bot" their software.
"As long as you have a Facebook authentication token, you can behave as a robot as if you were a person," he explained.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
Plenty of guys fell for his hack, with him witnessing 40 conversations in just 12 hours intervening when a real-world meet-up looked likely.
He claims men ignored warning signs in desperation for a date, but a security expert said that while Tinder's security should be better, the developer shouldn't have exposed the issue in this manner.
"There is no excuse for exploiting any such vulnerability and mounting this kind of interference, Professor Alan Woodward told the BBC.
"If someone is researching security, then most companies now have a bounty programme that pays them for reporting problems such as this."
He added: "I am surprised that a company that is dealing with such sensitive interactions, which are billed as being truly private, has not seen this loophole in its own penetration testing."