Senator calls on Tinder to fix a security flaw that lets randos snoop through your dates

Oregon Senator Ron Wyden is nervous about Tinder. He may not be swiping on the service this Valentine’s Day, but with a new letter demanding that Tinder resolve some security issues, Wyden is looking out for everyone who is.

Last month, a security report surfaced what it deemed “disturbing vulnerabilities” in the dating app. Wyden’s letter cites the research, demanding a fix for a security loophole that allows would-be attackers to view nearly everything about a user’s Tinder experience via an attack over unsecured wifi.

“Tinder can easily enhance privacy to its users by encrypting all data transmitted between its app and servers, and padding sensitive information to thwart snooping,” Wyden writes.

As the security firm Checkmarx explains:

“The vulnerabilities, found in both the app’s Android and iOS versions, allow an attacker using the same network as the user to monitor the user’s every move on the app. It is also possible for an attacker to take control over the profile pictures the user sees, swapping them for inappropriate content, rogue advertising or other type of malicious content (as demonstrated in the research).”

The report notes that stolen credentials are unlikely, but the vulnerability is a recipe for blackmail. TechCrunch reached out to Tinder for comment on Sen. Wyden’s letter and its plans to fix its security concerns but the company has not responded.

“Americans expect their personal information to remain private online,” Wyden writes. “To that end, I urge Tinder to address these security lapses, and by doing so, to swipe right on user privacy and security.”

Update: Tinder contacted TechCrunch with the following statement. 

“We appreciate the concern raised by Senator Wyden. At Tinder, we take the security and privacy of our users seriously and employ a network of tools and systems to protect the integrity of our platform, including encryption. As part of our ongoing efforts in this area, we recently updated our mobile app and web platforms to encrypt profile images, in addition to swipes and other data which were previously encrypted. Like every other technology company, we are constantly improving our defenses in the battle against malicious hackers. However, we do not go into any further detail on the specific security tools we use, or enhancements we may implement, to avoid tipping off would be hackers.”