Credit: Wachiwit / Shutterstock.com12 5 - 18 February 2020 Email us your security questions at [email protected]
THISISSUE’SEXPERT:
TomChivers,Digital
PrivacyAdvocate
atProPrivacy
(proprivacy.com)Q
Followingthe
Tinderdata
breach(bit.ly/
tinder494), aredating
appsunsafetouse?
AndrewMarkham,TwitterA
The news that
Tinder suffered
a massive data
breach that leaked more
than 70,000 photos – all ofInternetExplorerhitby
newsecurityflaw
Microsofthas
warnedthat
millionsofpeople
stillusingits
InternetExplorer
browsercould
beatriskfrom
a zero-day
securityflawthat
is activelybeingexploitedbyhackers.
Theflawrelatestoa memory-
corruptionbugin thebrowser’s
scriptingengine,whichit usesto
executecode.“Anattackerwho
successfullyexploitedthe
vulnerabilitycouldgainthesame
userrightsasthecurrentuser,”
Microsoftnotedin itssecurity
guidance.“Ifthecurrentuseris
loggedonwithadministrativeuser
rights,anattackerwhosuccessfully
exploitedthevulnerabilitycould
takecontrolofanaffectedsystem.”whichbelongedto
female users – is
hugely problematic
for the dating giant.
The fact that the
hack, discovered by
a researcher at
cybersecurity firm
WhiteOps, targeted only
women suggests that this
data dump could be used for
the creation of fake profiles
on other dating sites. This
has worrying implications for
the users affected, given they
could now have their data
used for ‘catfishing’ or
fraudulent accounts they
have nothing to do with.
If you aren’t willing to
provide photos of yourself,
you aren’t allowed on theapp– thisis how
Tinder operates.
The dating giant
is therefore duty-
bound to protect this data.
This breach is not without
precedent, as Tinder photos
have been misused plenty of
times. Three years ago,
40,000 photos surfaced in an
online forum – the purpose,
reportedly, was to train
facial-recognition algorithms.
While Tinder explicitly says
in its terms and conditions
that it prohibits the use of
scraping tools, hackers havefoundwaystocollectdata
en masse. This does not
bode well for the privacy
and security of Tinder
users, especially when
targeted phishing
campaigns can be
leveraged against their
most intimate data.
In the world of dating,
safe spaces are essential.
Tinder has to do better
when it comes to securing
the data of its users, both
from hackers and the third
parties it willingly shares
your information with.News about the latest threats and advice from securityexperts
Stay Safe Online
SECURITY ALERT! | What’s been bothering us this fortnight
Security Helpdesk | Your questions answered by security specialists
That could let attackers install programs,
including malware, as well as access and
edit data, and create new user accounts,
the company noted.
Microsoft said it was aware of “limited
targeted attacks” using the flaw and
confirmed that it was working on a fix.
This is expected to be included in the
next Patch Tuesday update, which is due
out on 11 February.
bit.ly/ieflawGoogle finds flaws in Apple’s
Safari browser
Google
researchers have
discovered
several major
security flaws
in Apple’s Safari
browser that
could have
potentially allowed hackers to track
users. The flaws were found in Safari’s
Intelligent Tracking Prevention feature,which is designed to automatically
block and delete cookies to prevent
users from getting tracked on the web.
However, rather than protect users’
privacy, the five vulnerabilities
identified by Google’s team may have
resulted in third-party companies
getting hold of sensitive and private
browsing information, and provided
a way for them to see what users were
searching as well as track them around
the web.
“You would not expect privacy-
enhancing technologies to introduce
privacy risks,” independent security
researcher Lukasz Olejnik told the
Financial Times. “If exploited or used,
[these flaws] would allow unsanctioned
and uncontrollable user tracking.”
Google informed Apple of the
vulnerabilities in August 2019, and
Apple quietly fixed them in December,
while thanking Google for finding
the flaws.
bit.ly/safariflawThis breach does not bode
well for the privacy and security
of Tinder users