Tinder API Hack Leaves Unsuspecting Men Hitting on Each Other

Tinder's private API has been hacked yet again. Tinderbots, programs that use the Tinder API without authorization, have been on the rise lately. This unauthorized access to Tinder's private API has led to both malicious and benign uses of the dating app. The most recent hack, undoubtedly malicious from Tinder's point of view, makes for a good laugh to some but a broader statement about humanity to others. The API tweak creates a fake female profile that engages two heterosexual males in a conversation. Each user believes he's conversing with the fake female user, but in fact the two males end up in a conversation with each other.

Tinder is no stranger to hacks. The notoriously vulnerable app has allowed hackers to reveal other users' locations to within 100 feet, and to automatically "mass like" every user encountered. Such hacks render the app potentially dangerous and useless for those looking to make personal decisions regarding other users.

Because of its ongoing problems, Tinder seems like an irresponsible actor that needs to fix the vulnerabilities in its API. However, Tinder isn't the only app to suffer hacks because of API problems. Last year, Snapchat endured a significant hack dubbed the "Snappening." In hindsight, the Snappening was the direct result of API weakness. Additionally, Apple's massive "Fappening" hack proved that even the most sophisticated tech companies are just as vulnerable to attacks if not properly secured.

As for the most recent Tinder attack, the hacker told The Verge that his Tinderbot exposed weaknesses in both Tinder's API and people in general. Regarding the API, the hacker commented: "Tinder makes it surprisingly easy to bot their system. As long as you have a Facebook Authentication token, you can behave as a robot as if you were a person." Regarding people, the hacker was quick to point out, "They ignore all the signs, they ignore all the weird things. When someone is so quick to meet up without any detail or know anything about the person at all — maybe it's deserved."

The moral of the story is twofold. First, use common sense. Second, secure your APIs. No one, big or small, public API or private, is immune to attacks based on unsecured APIs. On second thought, perhaps we only need one takeaway from the Tinder hack. Because, if we're perfectly honest with ourselves, in today's API-driven world, common sense should lead us to secure our APIs.
