70,000 Tinder photos of women are being circulated on an underground forum typically used for selling malware. The photos are entirely of women, and cybersecurity researchers believe the photos could be used for malicious purposes.
The incident was first reported by Gizmodo.
Apparently, the photos were discovered by Aaron DeVera, who is a member of New York City’s task force on cyber sexual assault. The expert unearthed the images on a website typically used for trading malware. The dump also contains a text file with 16,000 unique Tinder user IDs. This could be the total number of affected women.
Why were the photos of female Tinder users collected?
Nobody knows the exact reason but assumptions can be made easily. What is known for sure is that the availability of 70,000 photos of women on Tinder raises serious concerns. There are various criminal activities that can be carried out with the help of such photos. They could be used to harass the targeted women, or to generate fake user profiles on other platforms which could enable further criminal activity.
However, these are not the only malicious scenarios stemming from such a sensitive dump. A developer company could be using the images to train a facial recognition algorithm to be used in a new product. For instance, the Social Mapper tool from 2018 uses facial recognition to correlate social media profiles.
Collected photos are mostly selfies
“Contextual clues, including particular phone models like the iPhone X seen in the photographs, as well as limited metadata, suggest that many of the (mostly) selfies were taken in recent years. Some of the photos, in fact, contain timestamps dated as recent as October 2019”, Gizmodo reported.
What did Tinder say?
A Tinder official has stated that the use of any photos or information outside the confines of the app is strictly prohibited. Tinder promises to do whatever is necessary to have the affected data offline.
In 2016, security researchers detected a spam campaign targeting Tinder users. The spam claimed to promote safety in online dating, a trick applied to “attract” affiliate money. The scam involved the initiation of flirty conversations with playful opening messages such as “Wanna eat cookie dough together some time?“. The spam bot would then “release” several messages, and would ask the user whether they have been verified by Tinder.