
Ethical hacker Anand Prakash finds security flaw in Tinder, awarded Rs 4 lakh

The bug discovered by Prakash allowed an attacker to gain access to a Tinder account. The user was more vulnerable if he or she used a mobile number to log in to the account.

February 22, 2018 / 03:22 PM IST
Rank 2| Tinder - Location-based dating app (Image: moneycontrol)


Ethical hacker Anand Prakash, who has a proven track record of winning bounties worth crores by hunting bugs in apps and social networking sites, was at work again. He reported a vulnerability to Tinder and Facebook and was rewarded with monetary awards worth Rs 4 lakh.

The bug discovered by Prakash allowed an attacker to gain access to a Tinder account. The user was more vulnerable if he or she used a mobile number to log in to the account.

Tinder allows its users to log in to the mobile application as well as the web app with their mobile numbers. For that, the company uses a tool named Account Kit, which is developed by Facebook. When a Tinder member clicks on login, the user is redirected to Account Kit and, if the authentication is successful, gets the access token to the Tinder account.

Prakash found a vulnerability in part of the Tinder API, which was not checking the client ID provided by Account Kit, reported BGR India. This flaw allowed an attacker to gain access to any user’s Account Kit account just by using their phone number.


That meant that if an attacker could access the Account Kit token from stored cookies, the attacker could use it to log in to a user’s Tinder account.
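The missing check described above, sketched as an added example (not Tinder's or Facebook's code): a server that accepts an identity provider's access token should confirm the token was issued to its own client ID before logging the user in. The introspection table, token strings, phone number and client IDs are constructed, and reading "checking the client ID" as an issued-to comparison is an assumption.

```python
# Assumption: the client ID this service registered with the identity provider.
EXPECTED_CLIENT_ID = "app-1111"  # constructed value

# Constructed stand-in for the provider's token lookup: each access token maps
# to the phone number it authenticates and the client it was issued to.
ISSUED_TOKENS = {
    "tok-own-app": {"phone": "+15550100", "client_id": "app-1111"},
    "tok-other-app": {"phone": "+15550100", "client_id": "app-9999"},
}


class TokenRejected(Exception):
    """Raised when a presented token must not create a session."""


def introspect(token):
    """Return the provider's record for a token, or reject unknown tokens."""
    record = ISSUED_TOKENS.get(token)
    if record is None:
        raise TokenRejected("unknown or expired token")
    return record


def login_without_client_check(token):
    """Flawed pattern: any valid token for the phone number is accepted."""
    return introspect(token)["phone"]


def login_with_client_check(token):
    """Hardened pattern: the token must have been issued to this service."""
    record = introspect(token)
    if record["client_id"] != EXPECTED_CLIENT_ID:
        raise TokenRejected("token was issued to a different client")
    return record["phone"]


def is_accepted(login, token):
    """Report whether a login function accepts the token."""
    try:
        login(token)
        return True
    except TokenRejected:
        return False
```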

Prakash reported the bug to both the companies and was rewarded with USD 5,000 (Rs 3.25 lakh) by Facebook and USD 1,250 (Rs 81,350) by Tinder.

Engineers from both the companies immediately plugged the vulnerability.
first published: Feb 22, 2018 03:22 pm
