Hackers have worked out how to exploit security flaws in hook-up apps
Hackers have worked out how to exploit security flaws to get users’ data from gay hook-up and threesome apps Grindr, Romeo, Recon and 3Fun
- Warning after problems identified in gay hook-up apps and one for threesomes
- Fears that people who want to keep their sex lives private could be compromised
- Recon, a gay kink and fetish app, could reveal their most private fantasies
Users of hook-up apps risk being blackmailed by hackers who have worked out how to exploit security flaws to steal users’ data.
Security experts have issued a warning after three gay hookup apps and a threesome app were found to expose users’ exact locations, just by knowing the publicly available username.
Any one of the 10 million worldwide users of Grindr, Romeo, Recon and 3Fun could be exposed – sparking fears that, if someone wanted to keep that aspect of their lives out of the public eye, they could be compromised.
Security experts have issued a warning after three gay hookup apps – including Grindr – and a threesome app were found to expose users’ exact locations, just by knowing the publicly available username
A gay parliamentary staffer, who asked to be kept anonymous, said: ‘The idea that every gay man who works for the government could be identified is terrifying.
‘There are plenty of guys that would be fine, but those into fetishes might be very concerned they might get exposed.
‘The only benefit I can see is finally putting a face to the topless torsos that keep messaging me every day.’
Researchers have already been able to find the locations of app users in the House of Commons, identifying them by tracking their home and work addresses.
Hookup apps Grindr and Romeo may also expose users in cities and countries where it is illegal to be gay, like Dubai and Saudi Arabia.
Recon, a gay kink and fetish app, could reveal their most private fantasies.
Alex Lomas, researcher at Pen Test Partners, said revealing members could also mean users could be victim of stalkers, exes and crime.
He said: ‘In the UK, members of the BDSM community have lost their jobs if they happen to work in ‘sensitive’ professions like being doctors, teachers, or social workers.
‘Being able to identify the physical location of LGBT+ people in countries with poor human rights records carries a high risk of arrest, detention, or even execution.’
3Fun – which is used to organise threesomes – was another app found to have security flaws
The firm created a tool that brings together information on the gay, kink and threesome apps, using fake locations to retrieve distances to user profiles from multiple points, pinpointing their location.
Security specialist Will Geddes said, ‘If you have an app that discloses your location, you open yourself up to the possibility of extortion, physical harm, attack and anything across the spectrum of risk.’
He said homophobic governments could easily use the tool to track and arrest members of the LGBT community.
Mr Geddes likened it to being in a town square and shouting about your sexual preferences in the street.
He added: ‘Sure, some people might want to have sex with you. But other people with malicious intent may use that information against you.’
HOW CAN YOU PROTECT YOUR INFORMATION ONLINE?
Because hackers are becoming more creative, security experts are warning that consumers need to take all possible measures to protect their identities (file photo)
- Make your authentication process two-pronged whenever possible. You should choose this option on websites that offer it because when an identity-specific action is required on top of entering your password and username, it becomes significantly harder for fraudsters to access your information.
- Secure your phone. Avoiding public Wifi and installing a screen lock are simple steps that can hinder hackers. Some fraudsters have begun to immediately discount secure phones altogether. Installing anti-malware can also be beneficial.
- Subscribe to alerts. A number of institutions that provide financial services, credit card issuers included, offer customers the chance to be notified when they detect suspicious activity. Turn those notifications on to stay informed about credit card activity linked to your account.
- Be careful when issuing transactions online. Again, some institutions offer notifications to help with this, which will alert you when your card is used online. It might also be helpful to institute limits on amounts that can be spent with your card online.