Advertisement

Group dating service 3Fun exposed data for 1.5 million users

It included detailed info that could be used for blackmail.

Yet another dating service is learning about the dangers of data vulnerablilities. Pen Test Partners discovered that threesome-oriented app 3Fun left 1.5 million users' data exposed, including precise locations, sexual orientation and even private photos. You only needed to spoof your location to glean information from people in a given area. While you could restrict positional info from the app, that filtering didn't apply on the servers -- a nosy person just had to query the service's framework to find someone's claimed whereabouts.

While that data would be sensitive in most any context, it could be particularly damaging with an app like 3Fun. An attacker could have used the info for extortion, scams or stalking knowing that many of the victims might be hesitant to let this knowledge escape into the wild. The consequences wouldn't necessarily be as dire as they were with the Ashley Madison breach, but they could still have been serious.

To its credit, 3Fun fixed the issue within a few weeks of Pen Test notifying the company on July 1st. The concern is that 3Fun exposed this information in the first place. It didn't just reflect a lack of concern for users' security, it jeopardized their trust. Dating apps rely on privacy and discretion as a matter of course, and users could quickly jump ship if they don't feel their info is truly secure.