cybersecurity in dating apps

Growing concerns about cybersecurity in dating apps

Generic placeholder image
Matt McKenna

Underwriting Manager



Vulnerabilities have been discovered in some popular dating apps.

What lessons can other businesses take away?

Anyone who uses an app assumes that there’s a certain amount of privacy involved. This isn’t unique to dating apps. Consumers accept that the app marketplace and/or developer will collect usage and error data and certain forms of personally identifiable information.

What they don’t expect is that unauthorized third parties will be able to view and even control user experience on the app.

That’s the exact situation that dating app Tinder is dealing with right now. One flaw in the mobile app’s security gave some creative hackers a point of entry. Then they were able to view the pictures a user was looking and even track the user’s swipes.

In theory, a bad actor could sell this info, use it for blackmail or who knows what else.

But they’re not alone, as the Hustle noted. Several other dating apps have been called out for vulnerabilities in their geo-location system. Hackers were actually able to physically locate users despite deliberate efforts from the companies to hide GPS data.

Cybersecurity in dating apps is the topic of the day but every company with an online presence bears similar risks. What can they learn from Tinder’s experience?

 

Spotting vulnerabilities is a constant battle

It’s a marathon, not a sprint, and companies use various methods to address this. Third party security firms and bug bounties have emerged as valuable solutions.

Tinder is well aware of the ongoing threat:

In a statement to WIRED, a Tinder spokesperson wrote that “like every other technology company, we are constantly improving our defenses in the battle against malicious hackers,” and pointed out that Tinder profile photos are public to begin with. (Though user interactions with those photos, like swipes and matches, are not.) The spokesperson added that the web-based version of Tinder is in fact HTTPS-encrypted, with plans to offer those protections more broadly. “We are working towards encrypting images on our app experience as well,” the spokesperson said.

This shows us two things: 1) fixes take time and 2) no plan is foolproof.

 

Vulnerabilities will be found and exploited, and they can be expensive to fix.

Whether it’s by you, bad actors or white hat hackers who want to raise awareness/promote their services, vulnerabilities will be found. The goal is for you to find them first so you can avoid bad press, or much worse.

In the case of Tinder, the problem is a clear vulnerability in their protocol: they use HTTP instead of HTTPS encryption. Pretty simple. But not all vulnerabilities will be so clear. The costs of finding and fixing these vary on a case-by-case basis. (One cyber security expert estimated an average cost of $28,000 to repair all of the bugs on a website.)

 

Insurance can protect you from data breaches when all else fails

Year after year, high-profile data breaches are showing us that companies who are proactive about cyber security are investing in their future. The cost of failure is simply too high.

By the time insurance enters the picture, the vulnerabilities have been found and exploited by bad actors. Now is the time for damage control.

Cyber insurance offers two main protections after a data beach happens:

  1. Paying the costs of defending you from certain suits and investigations.
  2. Reimbursing the company for certain direct expenses that arise.

Policies often include limits for defense costs, regulatory investigations, PCI compliance fines and expenses, breach notification costs, PR and crisis management consultation and the costs of maintaining a call center and credit monitoring for affected users. And these are just the basics in terms of protections available from carriers today. More nuanced and advanced coverages can be tailored to special risks.

 

Want to know more?

You can contact us at info@foundershield.com or create an account here in order to get a quote for cyber insurance.

Want to read more on the subject?  Check out our other blog posts on cyber insurance.

Related Articles

eo_canadian_tech_companies
September 30 • Cyber LiabilityErrors & Omissions

E&O Insurance Guide for Canadian Tech Companies

Canadian tech companies face unique exposures — but tech E&O insurance helps to mitigate risks. Here’s what you should know.

canadian_tech_companies
September 23 • Cyber LiabilityErrors & Omissions

Top 5 E&O and Cyber Claims for Canadian Tech Companies

Canadian tech companies face a slew of challenges — but five primary E&O and Cyber claims stick out. Here’s a look at these themes.

protect from a data breach
August 18 • Cyber LiabilityRisk Management Tips

How to Protect Your Fast-Growing Business From a Data Breach

A cyberattack could devastate your fast-growing business quickly. With cybersecurity a real concern, here’s how to protect your mid-market business from a data breach.

April 8 • Cyber LiabilityGeneral Liability

Reducing Risk for E-Scooter Operators: Safety, Security & Hardware

In the context of e-scooter safety, we’ve teamed with ACTON to identify and mitigate the most significant risks operators face today.

cyber_liability_PCIDSS_compliance
April 8 • Cyber Liability

Cyber Liability and PCI DSS Compliance [Why it Matters]

PCI DSS compliance and cyber liability can seem confusing, but we break it down for you so you can keep your business booming.

February 11 • Cyber LiabilityNews

The 101 Guide to the California Consumer Privacy Act (CCPA)

California is well-known for spearheading fresh trends, innovative ideas, and game-changing regulations. It’s no surprise that the California Consumer Privacy Act (CCPA) originated in The Golden State.