When Tinder Social launched last week, observers noted that the feature—which lets groups of users match up for a night out—lets folks see which of their Facebook friends are on the hookup app. Now a hacker has discovered a new, and way creepier, vulnerability in Tinder Social.
According to a Tumblr post by a hacker who goes by the name "Alex," which was posted on Thursday last week, the hack allows you to view your Facebook friends' Tinder photos, bio, and lets you swipe right on their profile even if the app hasn't presented their profile to you organically. Most concerningly, however, the hack also allows anybody to check out their friends' "last active" time stamp.
The sticker that publicly advertised the last time a user logged into Tinder was removed from the app in November. At the time, the move was hailed as making Tinder a much less creepy place. After all, the ability to check out when any of your matches (which may include past partners, depending on how long you've been using the app) were last cruising Tinder has some definite stalker vibes and may be a way for abusive or controlling partners to keep tabs on their dates' habits.
The process to access this information via Tinder Social requires some specialized technical skills. However, Alex created a program (Motherboard hasn't independently verified that it works) that makes the process a bit more intuitive. The program is hosted on GitHub, an open source coding platform, and Alex asks users not to actually use it. The program requires the additional step of using the Python coding language on your own computer to run, meaning most Tinder bros will probably not be able to stalk their matches and Facebook crushes.
Alex wrote in his post that he alerted Tinder to the vulnerability with a support ticket, but received a response that simply said that "this is part of our feature called Tinder Social."
Tinder has not yet responded to Motherboard's request for comment and we will update this post when we hear back.
Tinder justified the ability to see which of your Facebook friends use Tinder via Tinder Social with a statement that said "it's important to note Tinder's not a secret considering 70% of users download Tinder because their friends recommend it." The Tinder blog post containing this quote now returns a 404 error, but the quote appeared in numerous reports on the feature's launch in April.
While using Tinder may not be a secret for many people, the specific times that they log in could very well be.