A Californian coder has caused consternation amongst Tinder’s discerning netizens after he managed to hack the dating platform so that men chatted to each other online thinking they were messaging a foxy female.
The API tweak apparently involved creating a dummy profile using a pre-approved pic and matched men with men, scrambling phone numbers but doing so without their knowledge.
The profile apparently had interest “within minutes” and attracted 40 conversations in the first 12 hours.
There’s little else by way of technical explanation on how the hacker managed to interfere with Tinder’s API, apart from the fact that the man responsible stepped in when a meet-up was on the cards.
He apparently started out initially to build a Twitter bot to tweet every first message received by a female friend, but on inspecting Tinder’s API, found it ripe for exploiting.
“The original idea was to throw that back into the face of the people doing it to see how they would react,” the unnamed programmer told The Verge.
“Tinder makes it surprisingly easy to bot their system. As long as you have a Facebook authentication token, you can behave as a robot as if you were a person.”
This is not the first time the dating app has been called out after researchers found security holes in the platform.
Around a year ago, Bitdefender warned of bots sending automated messages to users of the app which urged them to click on malicious links.
In October 2013, a serious privacy flaw was discovered by Include Security that could have allowed attackers to accurately pinpoint the location of Tinder users.
At the time, Tinder was criticized for being un-cooperative after the security hole was pointed out to it.
A disclosure timeline apparently showed just three responses from the company to Include Security.