X

Tinder gets better protection against hackers spying on your love life

Practice safe swiping.

Alfred Ng Senior Reporter / CNET News
Alfred Ng was a senior reporter for CNET News. He was raised in Brooklyn and previously worked on the New York Daily News's social media and breaking news teams.
See full bio
Alfred Ng
2 min read
dating-app-icons-tinder-bumble-league-zoosk-okcupid-hinge-2201.jpg

Tinder fixed a major security issue it's had since January.

 James Martin/CNET

Your digital dating life is a lot less vulnerable to hackers as a result of security updates from Tinder. 

In a letter sent on Wednesday to Sen. Ron Wyden, a Democrat from Oregon, the company said it's fixed multiple cybersecurity issues surrounding Tinder's app.

Match Group, which owns Tinder and recently purchased Hinge, said images and swipes sent between Tinder's app and servers are now encrypted, which means that hackers will have a much harder time spying on your love life. 

"We take the security and privacy of our users seriously and employ a network of tools and systems to protect the integrity of our platform, including encryption," Jared Sine, Match Group's general counsel, said in the letter. 

If you're not familiar with Tinder, it's a dating app that more than 50 million people use to find others, swiping left to reject profiles and right to accept a potential date based on photos.

The fixes address two security flaws that researchers from Checkmarx, a cybersecurity company, discovered in January. The researchers found that the pictures stored on Tinder's servers were using an insecure and outdated HTTP connection, which meant that any hacker on the same Wi-Fi network could view them, and potentially even replace them without people knowing. 

Another vulnerability allowed hackers to view who you're swiping left and right on. Even though that data was encrypted, each response had a different file size -- so it was easy to tell which actions were likes, dislikes or super likes. 

Match Group said it's fixed this by making all swipe data the same size. The change took effect on June 19. It's unclear why it had taken almost five months for Tinder to fix the issue since the company was notified in January. Match Group did not respond to a request for comment. 

The HTTP issue was fixed much sooner, with Tinder photos switching to full encryption by Feb. 6. 

Wyden had requested answers from Match Group back in February, sending a letter out on Valentine's Day.

"These common-sense security fixes would provide Tinder users with the level of security and privacy they expect from a service that holds some of their most private information," Wyden wrote in his letter.

Security:  Stay up-to-date on the latest in breaches, hacks, fixes and all those cybersecurity issues that keep you up at night.

It's Complicated: This is dating in the age of apps. Having fun yet?