Data Of 1.5 Million 3Fun Dating App Fans Exposed
By: Jim Stickley and Tina Davis
November 9, 2019
We know dating apps have a long history of data breaches and hacking, and now 3Fun users join the club no one wants to belong to. The app is available on both Android and iOS devices, with over 1.5 million users affected in the breach. Security flaws in the app made personal data like name, location, photos, birth dates, and sexual preferences publicly exposed. Some researchers believe it may be the worst dating app security ever. Those who recall the 2015 Ashley Madison hack know that millions of customers had their confidential data dumped in a very public way. Those disclosures led to countless ruined marriages and is even believed to be the reason behind a user’s suicide.
The difference between the 3Fun breach and the Ashley Madison hack is the way each app’s data was made public. 3Fun is called a data breach because the app’s many security flaws led to the data being accidentally exposed. On the other hand, Ashley Madison experienced a true data hack. A hack is caused by bad actors who actively look to steal data or cause harm in other ways.
Putting the differences aside, dating apps are always vulnerable because of the particularly sensitive data they collect. Compromising PII (Personally Identifiable Information) is also a perfect setup for ransomware attacks that threaten to expose PII unless a ransom is paid to get the data back. No one using a dating app wants to think their PII could be made public by either means.
3Fun claims they released two security patches this summer that make their app safer and say they will continue to do so. However, those already caught in the breach know it’s too little, too late. Keeping safe on any app should be a security concern to the billions of fans who use them every day. Basic cyber-smarts are a simple way to help keep your PII where it belongs. Hacking history tells us 3Fun won’t be the last dating app to spring a leak. You do have some control, however:
Check your privacy settings. Apps users can review their privacy settings and decide what works for them by turning settings on or off. Most apps ask for permission to data they have no real need to collect, so pay close attention to the many information requests that pop-up during downloads. When in doubt, it’s best to deny permission rather than regret it later.
Be careful of what you post online. Any company hosting an app collects your data, with many selling it to third parties for advertising and marketing purposes. That means apps like 3Fun, Facebook, Twitter, LinkedIn, and countless others keep tabs on the data you post–so think twice about the information you’re putting out there. The best test of what to post is to assume at some point it will become public.