A number of users on dating app Tinder report being matched with fake profiles of women, who are actually automated bots promoting a mobile game called “Castle Clash.” The bots are sharing a link to the game on the URL “Tinderverified.com,” making it appear that Tinder is the URL’s owner or is somehow involved with this scheme, which it is not.
A Reddit user was one of the first people to notice the hack for what it was, and posted a screenshot to the social networking and news sharing site around a week ago. That post now has a handful of replies from others who say the same thing is also happening to them. And today, Twitter is filled with complaints from those who claim they’re also getting matched with Tinder bots promoting this game.
The bots will message users in the Tinder app, saying “hey,” and “how are you doing?” before telling the unsuspecting user that they’re “relaxing with a game on my phone, castle clash…have you heard about it?”
No matter what the user replies, the bot will then share the URL.
It’s unclear at this time who exactly is behind these fake accounts, though of course the app developer, IGG.com, is immediately suspect. The company offers dozens of games in the App Store and on Google Play, including localized versions of “Castle Clash” and other, similar “Clash of Clans” knock-offs including also “Clash of Lords,” for example, as well as several gambling applications.
However, there’s also a slight chance that game developer itself is the victim of sorts, having paid an unscrupulous app promotion network to boost its downloads, and this Tinder hack is the result. But given that this hack has been taking place for at least a week now, if not longer, this is less likely to be the case. The developer has had plenty of time to pull its app from the rogue app promoter’s network, or respond publicly to the many outcries from users who now associate this company and its games with being a scam.
TechCrunch has reached out to both the game developer and to Tinder for more information and will update if they reply. [Update: Tinder says it's aware of the problem, which it describes as an "isolated incident," and is taking the necessary steps to remove the spamming accounts.]
Tinder, at the very least, has a responsibility to protect its users from spammers who generate fake profiles on the popular service in order to promote their own agendas, spam users, or, in this case, boost an app’s downloads. The company, though, has struggled in the past with fake profiles, including one that was used to collect Uber referral credits as well as the various porn bots, which the company said it was aware of and working to fix, back in December.
Now it seems that Tinder has another spam problem to deal with, and one which this time isn’t just annoying users, but also affecting Tinder’s own brand too, as the URL use by those behind these bots could confuse less savvy users into thinking that Tinder itself is somehow involved.
UPDATE: The title of this post has been updated to more accurately reflect the nature of the spam attack, as well as with Tinder’s comment. Their full statement is below:
“We are aware of the accounts in question and are taking the necessary steps to remove them. Ensuring an authentic ecosystem has always been and will continue to be our top priority.”
Thanks, Ouriel Ohayon; TechCrunch tipsters