The app works by showing you people who are in your immediate vicinity, but it rounds distance to the nearest mile. However, researchers at Include Security discovered that the app's servers were actually giving out far more detailed information. Instead of the nearest mile, hackers with "rudimentary" skills could potentially see mileage up to 15 decimal points -- enough to pinpoint a user's location to within 100 feet.
Tinder has dealt with this kind of issue before. Last summer, Quartz reported that data files from Tinder's servers was reporting users' last known location and Facebook ID. And to make matters worse, the breach reportedly lasted two weeks rather than the "few hours" the company's chief executive initially claimed.
This time Bloomberg Businessweek reports that security researchers told Tinder about the vulnerability on Oct. 23 but didn't "get a meaningful reply" until early December. Then a Tinder employee asked for more time so the company could fix the problem, which they reportedly did at some point before the start of 2014.
Tinder is far from the only dating app to have security vulnerabilities or leak out personal data. OkCupid's Crazy Blind Date app and Grindr have also had issues. But these problems aren't limited to this specific subset of apps. Mobile malware has been on the rise in recent years. And many free apps collecting data about users to sell to third parties or serve targeted ads. That means there are a lot of caches of consumer data that may be vulnerable to hackers thanks to security flaws. Or even being used by the National Security Agency for tracking.