70,000 Tinder Photos Have Been Stolen and Shared Online

Over 70,000 photos of female Tinder users have been shared by members of an internet cyber-crime site. There have been increasing worries regarding the safety of these photos and the possibility that they could be used for abusive purposes.  It is also particularly alarming that hackers who obtained the images appear to be mainly targeting female users. 

A member of New York’s committee on cyber sexual assault Aaron DeVera reported that the images were found on a website well-known for being a portal for malicious software. The deposit also included a text file which contained around 16,000 individual  Tinder user IDs, which could amount to the number of users affected.

The reason for this massive breach remains unclear, but the ease in which they could be used for illegal acts is clear. The images may be used to target and harass the users or to create fake accounts and profiles on other sites.

Another possible issue is that a company is using the photos to develop photo recognition software; programmes which are becoming increasingly common to help businesses recognise clients’ facial data. From examining the photos, through timestamps and contextual information, we can conclude that these images are recent. Therefore, the data is more valuable for current hackers. 

The Risk

According to Tinder’s policies, the use of any photos or information outside the app is prohibited and the company stated they would take whatever steps necessary to have the data removed. DeVera, the New York-based cyber security expert, was hesitant the files would be easily taken down, but said he would notify Tinder of the location of the files. 

DeVera continued by giving more details about the data, saying: “Given the context of this being a dating app, there are photos a person may not necessarily want presented to the public. Further, not only is it sorted by userID, but it is also sorted by whether or not there is a face in the picture.” This adds to the argument that these images will be used to aid in developing facial recognition software. 

DeVera also gave evidence for another concern; that these images may be used to make fake online profiles. He said: “Dumps of data such as this typically attract fraudsters, who use it for making large collections of convincing fake accounts on other platforms.” There is also the potential that these pictures could encourage abusive behaviour with DeVera stating:

“Stalkers might use this in a more targeted manner, in an effort to add to a collection of data to use against an individual.”

Tinder’s View

Following the incident, Tinder has instated further resources to combat the misuse of its app, a company official told technology website Gizmodo; though they did not specify the type of tools that will be implemented.  A Tinder spokesperson stated:

“We work hard to keep our members and their information safe… and we are constantly identifying and implementing new best practices and measures to make it more difficult for anyone to commit a violation like this.”

The company further pointed out that the photos uploaded to their site can be viewed by others, as per their terms and conditions, though the app was not intended for one person to stockpile a large amount of individuals’ images.

Match Group, the parent company of Tinder and OkCupid, said that it shares data with third-parties only in line with relevant legislation. The company also stated that they do not use “sensitive information” for advertising or marketing, saying

“Tinder and OkCupid only share data in cases where individuals are reported for criminal activity and/or engaging in bad behavior.” 

Software Regulation

Facial recognition software is one of the most controversial technologies of recent years and  privacy experts are encouraging regulators to implement a temporary ban on the technology until robust guidelines can be agreed upon. Presently, facial regulation software is unregulated in many US states. 

This week, House Representative Alexandria Ocasio-Cortez described these technologies as similar to those shown on the Netflix series Black Mirror which depicts a dystopian universe where individuals have lost control over their private data. She said regarding the software:

“People think, ‘I’m going to put on a cute filter and have puppy dog ears,’ and not realize that that data [is] being collected by a corporation or the state, depending on what country you’re in, in order to surveil you potentially for the rest of your life.”

There have been campaigns launched by digital rights activists to stop halt the spread of face recognition systems on college campuses instigated by organisations such as Fight for the Future and Students for Sensible Drug Policy. These efforts have inspired students to organize and call for bans at universities across the US. The deputy director of Fight for the Future, Evan Greer said: “This type of invasive technology poses a profound threat to our basic liberties, civil rights, and academic freedom.”

Tinder is not the only dating app to be met with criticisms over its data protection. A New York Times investigation recently uncovered that numerous dating apps, such as Grindr, have shared individual data with many marketing and advertising companies. According to a report by the Norwegian Consumer Council (NCC), these contravene data privacy laws.

Jamal Ahmed, Director of Kazient Privacy Experts said: 

“It’s more important now than ever before to be conscious about what personal data we are giving up and to whom. As individuals we need to take responsibility as the government is failing to ensure our personal data is protected.”

He continued by stating that, “Many of our friends are on Tinder and they would be horrified to learn their photos are being used to create fake profiles on social media or  for other purposes without their knowledge.”

Kazient Privacy Experts offer bespoke Data Protection, Privacy and GDPR compliance solutions in a language you understand to UK and international organisations, and has received positive media coverage across Europe. Kazient’s GDPR consultants are fully certified to be your outsourced Data Protection Officer or EU Representative. Get in touch to find out how we can help your business by visiting our website www.kazient.co.uk or calling us on 0330 022 9009.