Skip to main content

Plenty of Fish leaks private user information

(Image credit: Shutterstock.com / Tero Vesalainen)

Lonely hearts may need to update their profiles after one of the world's top dating apps revealed it had suffered a serious data breach.

Plenty of Fish (PoF), which reportedly has around 150 million registered users worldwide, has had issued a patch for its mobile app after a security researcher found it was leaking information that users had set to “private” on their profiles.

The affected information included the first names and postal ZIP codes of PoF users, putting them at risk not just online, but in the real world too.

Diligent

The breach was uncovered by a security researcher known as The App Analyst, who found that both the Android and iOS apps, as well as the PoF web application, were affected.

When signing up for the service, PoF asks prospective users to provide a selection of personal data to help tailor their romantic matches, including a home ZIP code to make sure local users can be shown.

Although the site says that certain information will not be displayed on a user's profile, this information is still accessible via the app's API using freely available tools.

"Plenty of Fish was quite responsive and diligent with regards to rolling out a fix for revealing a users home ZIP code," the App Analyst wrote in a blog post outlining the findings. 

The news is also alarming as it comes after several high-profile incidents in which users of gay dating app Grindr have been lured into false meetings which have seen users attacked and robbed.

PoF says it has confirmed the privacy concerns are no longer present in the app's API, but users may still wish to update their profiles and display preferences in order to ensure no personal information is at risk.

Via TechCrunch