The API was not properly secured.
Discription

The consequences of the incident

In this case, the vulnerability exposed private information for millions of users including their names, locations and genders. The data breach also included sensitive personal details such as users’ sexual preferences and relationship status – all of which were publicly available to anyone who had signed up using a new account. This meant that cybercriminals could have potentially used this information to conduct phishing attacks or steal identities in order to commit fraud or other crimes. In addition, the company behind the app has now been fined $5 million by regulators in California following an investigation into its handling of user data security breaches
https://t.co/PI67gvv0NG

Back to Main