Oregon Senator Ron Wyden is nervous about Tinder. He may not be swiping on the service this Valentine’s Day, but with a new letter demanding that Tinder resolve some security issues, Wyden is looking out for everyone who is.
Last month, a security report surfaced what it deemed “disturbing vulnerabilities” in the dating app. Wyden’s letter cites the research, demanding a fix for a security loophole that allows would-be attackers to view nearly everything about a user’s Tinder experience via an attack over unsecured wifi.
“Tinder can easily enhance privacy to its users by encrypting all data transmitted between its app and servers, and padding sensitive information to thwart snooping,” Wyden writes.
As the security firm Checkmarx explains:
“The vulnerabilities, found in both the app’s Android and iOS versions, allow an attacker using the same network as the user to monitor the user’s every move on the app. It is also possible for an attacker to take control over the profile pictures the user sees, swapping them for inappropriate content, rogue advertising or other type of malicious content (as demonstrated in the research).”
The report notes that stolen credentials are unlikely, but the vulnerability is a recipe for blackmail. TechCrunch reached out to Tinder for comment on Sen. Wyden’s letter and its plans to fix its security concerns but the company has not responded.
“Americans expect their personal information to remain private online,” Wyden writes. “To that end, I urge Tinder to address these security lapses, and by doing so, to swipe right on user privacy and security.”