I Hacked India's Biggest Dating App (They Offered Me a $100 Gift Card)
4 days ago
- #privacy
- #security
- #data-breach
- Flutrr, backed by The Times of India, has severe security flaws exposing all user data.
- No authentication checks in any API endpoints, allowing unauthorized access.
- Vulnerabilities include logging into any account, sending messages as any user, and swiping for others.
- Full user data (names, emails, phone numbers, location, etc.) is accessible to anyone.
- Account deletion and other malicious actions are possible without authorization.
- Reported vulnerabilities in November 2024, ignored until March 2025, and still unfixed by August 2025.
- Offered only a $100 Amazon gift card as compensation for critical vulnerabilities.
- Users' private data (messages, matches, profiles) is completely exposed.
- Recommendation for users to delete accounts until fixes are implemented.