Tantan, a close replica of Tinder, has vowed to improve its encryption after it was revealed the site had little to no protection against moderately competent hackers.

CEO and co-founder Yu Wang admitted in an email response that the lack of protection protocols was a “bad idea” and that they are seeking to fix the problems as soon as possible. The vulnerabilities were exposed in a report last Friday by Hong Kong-based entrepreneur Larry Salibra, who founded his own crowdsourced site-testing service.

Mr. Salibra claimed the site was “endangering young women and men by failing to use encryption”, drawing a comparison to the recent Ashley Madison hack which exposed thousands of personal data points.

Tantan’s CEO reached out to Mr. Salibra directly via email to respond to the allegations, saying that the company is now “working on releasing a version that fixes these two issues within the week,” though he claimed that the comparison with Ashley Madison’s breach was not accurate.

Among the vulnerabilities, the report showed that sensitive data, including personal telephone numbers and passwords, was left unencrypted by Tantan. Other information, including gender, sexual orientation, interests and hobbies, was also left exposed through various means.

By viewing Tantan’s exposed console log through Apple’s developer kit Xcode, potential hackers are able to see a host of information about the app. This kind of logging is typically “turned off” in other apps to increase performance and protect sensitive information.

The report also revealed that Tantan had been using a list of ‘rude words’ to chide users who used certain phrases, such as colloquialisms for “let’s meet for sex” and “send nudes.”

China has a booming market of apps designed to facilitate romantic encounters, some with better reputations than others. Tantan is one of a handful of services that has an interface almost identical to Tinder. The latest breach reignites concerns surrounding the security of the many social apps flooding China-focussed app stores.

The country has seen a spate of high-level hacks and malware threats over the past year. In September a handful of the country’s most popular apps, including Didi, WeChat and NetEase Music, were infected with malware due to a tainted version of Apple’s developer kit.

Tantan’s most recent funding round was in February this year, when they raised $5 million USD led by Bertelsmann Asia Investments.

Cate is a tech writer. She worked as a journalist in Australia, Mongolia and Myanmar. You can reach her (in Chinese or English) at: @catecadell or catecadell@ovau.ip-ddns.com
