A serious threat in security in the bumble app might allow the attacker to pinpoint the precise location of the user. This threat was discovered by Robert Heaton, a software engineer by profession. According to him, an attacker can not only locate the victim’s address but also track his/her movements to some extent. Heaton has reported his findings to bumble via HackerOne and received a large sum of $2000 after confirmation of the security threat.
Heaton sent a series of requests through automated scripts and these scripts repeatedly relocated the attacker and thereby denied the attacker to request the distance of the victim. According to him, the attacker can identify “flipping points” of three exact distances of the victim which makes precise triangulation possible usually around a distance of 3 to 4 miles. However, Bumble doesn’t update the location of its users regularly, thereby the attacker might not get a live feed but only get a general idea of the location. Heaton also managed to spoof ‘swipe yes’ requests especially for users who showed an interest in viewing profiles without paying a $1.99 fee on the Bumble app.
Bumble has reportedly found a solution for the threat but the vulnerability still arises and hence it is important for members dating online to consider the installation of VPN on their personal computers and smartphones to be on the safe side and prevent any kind of tracking from the attacker.
Disclaimer: All reviews are independently written and unpaid for, unless stated otherwise. All product names, logos, and brands are property of their respective owners.