Skip to main content

Group dating app 3Fun exposed sensitive data on 1.5 million users - TechCrunch

-

Group dating app 3Fun exposed sensitive data on 1.5 million users - TechCrunch

Group dating app 3Fun exposed sensitive data on 1.5 million users - TechCrunch

Posted: 08 Aug 2019 02:00 AM PDT

More than 1.5 million users of a group dating service had their personal data exposed — including their real-time location — because of a vulnerability in the app.

The dating site, 3Fun, bills itself as a "private space" where you can meet "local kinky, open-minded people." But the data wasn't private at all. Ken Munro, founder of Pen Test Partners, which published its findings Thursday and shared its findings with TechCrunch, said it was "probably the worst security for any dating app we've ever seen."

Pen Test Partners researchers found the app was leaking the precise location, photos and other personal details of any nearby user.

Worse, because the app wasn't properly secured, the researchers found they could plug in any coordinates they wanted to spoof their location, revealing sensitive information on anyone within any location of their choosing, including government buildings, military bases and even intelligence agencies.

TechCrunch ran the same tests as Pen Test Partners and confirmed its findings. We were able to modify our current geolocation to any set of coordinates we wanted — including the White House and the headquarters of the CIA.

Using a man-in-the-middle tool like Burp Suite, we could capture our real location, manipulate it in transit on the way to the server and receive a batch of data for that location.

Screen Shot 2019 08 06 at 1.19.56 PM

One of the exposed user records (left) and an approximate representation of several users (right)

We found profiles of users at both locations, including their sexual preferences — including sexual orientation and their preferred matches; their age; username and their partner's username; their bio — many of which included expansive, specific and personal information on the user; and their full-resolution profile picture. In some cases, dates of birth were also exposed.

None of the data was encrypted. The researchers called the app a "privacy train wreck."

The researchers contacted 3Fun on July 1 to report the bugs. Munro said the app maker took weeks to fix the issues.

We emailed 3Fun with several questions, but spokesperson Jennifer White did not respond to a request for comment.

It's the latest app to fall foul of proper security standards in recent months. Jewish dating app JCrush left 200,000 user records exposed in June following a security lapse. Last year on its launch day, conservative dating app Donald Daters exposed its entire user base — at the time some 1,600 users — after leaving a set of hard-coded keys in its app, which was quickly found after a security researcher decompiled the app.

Another dating app, Coffee Meets Bagel, was breached on Valentine's Day, no less.

Well, that's one way to a person's heart — hacking their dating profile.

How to protect yourself from an online dating scam, duping victims out of millions - Fox Business

Posted: 08 Aug 2019 07:39 AM PDT

Fox Business

New bank scam even fooling experts

The CyberGuy Kurt Knutsson on the sophisticated bank scams taking advantage of consumers and apps with subscription-models built in charging users hundreds of dollars.

Fraudsters are prowling online dating sites in their search for people to scam, according to the FBI.

Continue Reading Below

More than 18,000 people complained to the FBI's Internet Crime Complaint Center, or IC3, last year to say they were victims of romance fraud. They lost a combined $362 million, the IC3 said this week. That was up by 70 percent from the losses reported in 2017.

In an effort to help people avoid becoming victims, the IC3 shared details of how the scam works and what online daters can do to protect themselves.

The scammer starts by gaining the victim's trust, authorities said. It can take months. Many of them claim to be a U.S. citizen located overseas, such as a member of the military or a business owner.

MORE FROM FOXBUSINESS.COM

Eventually, the fraudulent dater may ask for gifts, or ask for money supposedly for travel to meet the victim, authorities said. In some cases, scammers have even claimed that wired funds never arrived and asked victims to send money again. Other times, they've claimed they never showed up to meet because they were arrested, and they ask for more money to post bail or recover seized items. The scammers will keep asking for more money as long as it keeps coming.

Some of the victims have even been groomed as "money mules,' the IC3 said. The scammers trick them into transferring money illegally on behalf of others.

How to protect yourself

After meeting someone online, the IC3 said to run a reverse image search on their photo. Several websites can search the internet to see where else an image has appeared before, including TinEye and even Google. Do the search results add up with what the person has claimed?

The FBI said to never send money to someone met online, never provide credit card numbers or bank account information without verifying the recipient's identity and never share a Social Security number or other personal information.

CLICK HERE TO GET THE FOX BUSINESS APP

Be wary of anyone you meet online, as they could be misrepresenting themselves. Here are some common red flags, according to the IC3:

  • Immediate requests to talk via email or an outside messaging service,
  • Claims it was "destiny" or "fate" that you met early in communication,
  • Claims to be from the U.S. but living abroad or recently widowed,
  • Requests for money, goods or other financial assistance,
  • Requests for help with opening a bank account, depositing or transferring funds, shipping merchandise, etc.,
  • Stories of a sudden personal crisis,
  • Inconsistent or grandiose stories,
  • Vague answers to specific questions and
  • Profiles that suddenly disappear but then reappear under a different name.

Anyone who believes they're a victim of a romance scam can report it to the IC3 online here, or to their local FBI field office. Authorities said they should also contact their financial institutions immediately to stop or reverse any transactions and ask where the suspicious transfer was sent.

FBI warns on dating, romance Internet scams - Fox News

Posted: 08 Aug 2019 09:21 AM PDT

Dating and romance fraud is more rampant than ever.

The dating and romance scams involve financial fraud and recruiting so-called "money mules," the FBI said in a public service announcement this week.

It all starts when a bad actor dupes a victim into a trusting relationship, then exploits that to get money, goods, or sensitive financial information.

The bad guys often use online dating sites to pose as U.S. citizens abroad or U.S. military members deployed overseas or American business owners who have sizeable investments, the FBI said.

The stats back up the growing threat. While in 2017 more than 15,000 people filed complaints with the FBI's Internet Crime Complaint Center (IC3) saying they were victims of confidence/romance fraud with reported losses of $211 million, in 2018, the number of victims jumped to more than 18,000, with more than $362 million in losses, an increase of more than 70 percent over the previous year, according to the FBI.

HACKERS COULD GRIDLOCK ENTIRE CITIES USING CONNECTED CARS, RESEARCHERS SAY

Dating and romance scams proliferate online.

Dating and romance scams proliferate online. (Fox News)

How one scammer stole over a $1.7 million from victims

In 2018, the Better Business Bureau profiled a case where a scammer stole $1 million in laptops and other stolen electronic gear as well as money totaling at least $730,000.

A Nigerian citizen, who ran his scam from South Africa, posted fake profiles on dating sites using photos of actual people. He claimed, in some cases, to be an officer in the U.S. armed forces, to be widowed with one child, and "to be a practicing Christian with a strong Faith," the BBB said.

The man "spent weeks or months developing relationships with his victims, often sending gifts such as flowers or chocolates, and then asked for small sums of money for supposed minor emergencies to test his influence on them," the BBB said.

One victim ended up filing for bankruptcy after she was left $98,000 in debt.

He also used blackmail, having one victim perform "in a sexually explicit manner" on Skype, which he secretly recorded. When she refused to send more money, he threatened to post the video online, the BBB said.

He also used victims as mules. He would order laptops and iPads with stolen credit cards and then got the victims to send the merchandise to him in South Africa.

RANSOMWARE IS A 'BEST SELLER' ON UNDERGROUND HACKER FORUMS

Protect yourself

Most cyber criminals do not use their own photos, the FBI said. "A reverse image search can determine if a profile picture is being used elsewhere on the internet, and on which websites it was used. A search sometimes provides information that links the image with other scams or victims," the FBI said.

And remember that most dating sites do not conduct criminal background checks, so it is easy for people to misrepresent themselves.

Other red flags include immediate requests to talk or chat on email or a messaging service outside of the dating site and phony claims that meeting the person was "destiny" or "fate," the FBI said.

Report the activity to the Internet Crime Complaint Center, your local FBI field office, or both. Contact IC3 at www.ic3.gov.

Authorities warn of 15 dangerous apps that could be on your child's phone - wpde.com

Posted: 08 Aug 2019 09:13 AM PDT

[unable to retrieve full-text content]Authorities warn of 15 dangerous apps that could be on your child's phone  wpde.com

(WRGB) - Authorities are warning parents about 15 apps that could be on your child's phone or tablet and the dangers that come with them. The Sarasota ...

Best of 225 This Week: Speed dating, sunset yoga, makers market and more events in Baton Rouge this weekend - 225 Baton Rouge

Posted: 08 Aug 2019 08:13 AM PDT

All you singles, get ready to mingle

Attention single men over 40: You can still buy tickets for White Star Market's 40 & Over Speed Dating event tonight, Aug. 8. Arrive at 6 p.m. to sign in, grab a drink and mingle, with speed dating rounds to follow at 6:30 p.m. You can read more about what the night entails in our preview here.

Tickets are $20 and can be purchased here. If you're interested in attending but tickets are sold out, no worries. You can still go by and fill in for someone who can't make it.

White Star Market is at 4624 Government St.

Do some yoga with a view of the lakes

Enjoy the sunset with a gentle yoga session by the lakes tomorrow, Aug. 9. Head over to BREC's Milford Wampold Memorial Park for an hour-long class starting at 7 p.m. Bring a friend, a yoga mat and a water bottle to the class, and stick around after for refreshments.

The class is donation-based, with suggested donations of $5-$15. The park is at 901 Stanford Ave.

Check out this month's Mid City Makers Market

Mid City Makers Market is back for its August edition this Saturday, Aug. 10. So make sure you stop by the market to shop local makers and vendors, listen to live music and grab a bite, 6-9 p.m. Don't let the late summer heat discourage you—the market will provide additional shade sails, fans and misters.

Mid City Makers Market is at 541 S. Eugene St.

After this Tsunami class, you won't have to go out for sushi

Learn to make your own spicy tuna roll at Tsunami Sushi's sushi making class this Saturday, Aug. 10. Grab a date or a few pals, and head over to the rooftop restaurant at 11 a.m. Listen as the Tsunami experts teach you about the history of sushi, recipes and how to make your own roll. Once done, you'll be able to eat your roll, plus a few other appetizers, and partake in a sake toast to end the afternoon.

The class is $50 a person, and you can find more information here. Tsunami is on the top floor of the Shaw Center for the Arts at 100 Lafayette St.

Brunch for a good cause this Sunday

Get your brunch on this Sunday, Aug. 11 at Creole Cabana's Beach Brunch & Karaoke FUNdraiser. Enjoy family-friendly games, activities and entertainment while munching on brunch bites. Proceeds from the event will go toward The Safety Place, an organization that provides education and community resources to help combat childhood injuries.

Tickets are $20 for kids and $35 for adults, and tickets can be purchased here. Creole Cabana is at 7477 Burbank Drive.

Comments

Post a Comment

Popular posts from this blog

Colorado judge who discussed swinger lifestyle, sought help using Tinder, accepts public censure - CBS News

-
Image
Judge who discussed swinger lifestyle accepts public censure Judge who discussed swinger lifestyle accepts public censure 00:38 John Scipione, a former district court judge in Arapahoe County, has agreed to a public censure and has resigned from his position following a series of ethical infractions.  John Scipione   CBS In one case, he told his law clerk "he was consensually non-monogamous and discussed details about a 'ranch' that catered to that 'lifestyle.' He asked the l
Read more

Why the ‘Red, White & Royal Blue’ Soundtrack Doesn’t Exactly Follow the Book - Billboard

-
Image
Casey McQuiston's Red, White & Royal Blue – an LGBTQ romcom novel about the Prince of England and the U.S. president's son falling in love despite a despising each other at first – was a smash hit when it came out in 2019, quickly becoming a New York Times bestseller and creating a devoted fanbase. Captivated by the international screwball romance, the book's enthusiastic fanbase has created everything from artistic renderings of swoon-worthy moments between main characters Alex and Henry to playlists based on songs McQuiston wrote into the plot. Explore Explore See latest videos, charts and news See latest videos, charts and news But even for the
Read more

Global Online Dating Services Market Overview 2023-2028 with Competitive Analysis of Match Group, Bumble, Spark Networks, Grindr, Dating Group, Happn, ParshipMeet, Her, Paktor, & Muzz - Yahoo Finance

-
Image
Company Logo Dublin, Oct. 23, 2023 (GLOBE NEWSWIRE) -- The "Global Online Dating Services Market Overview, 2023-28" report has been added to ResearchAndMarkets.com's offering. Global Online Dating Services Market is expected to cross USD 12 Billion market size, increasing from USD 8.29 Billion in 2022. The global market is forecasted to grow with 7.23% CAGR by 2023-2028 The world of online dating is constantly evolving and upgrading. Key players in the industry frequently launch new strategies to stay ahead. To grow their user base, major firms are focusing on expanding their investments in social media advertising. They are also targeting new demographics and geographic areas to broaden their user base and expand their reach either by entering new markets themselves or by collaborating with regional businesses worldwide. Niche dating sites have gained popularity by offering services tailored to specific communities, religions, and interests, fostering a sense of belong
Read more