Plenty of Fish, one of the many dating apps, had been accidentally leaking private user data. Following the buzz from a security researcher who discovered the leak, Plenty of Fish pushed out an update that corrected the issue moving forward.
As reported by TechCrunch, The App Analyst discovered the Plenty of Fish app through the examination of the app’s API. Plenty of Fish had been returning information containing users’ first name and postal code, even if pieces of information were set to ‘private’.
The App Analyst describes that the leaked data was difficult to read as it was scrambled, but he was able to utilize “freely available tools designed to analyze network traffic” to reveal the information. Additionally, information such as the marital status of parents, income, and the number of siblings, all of which were recorded during registration and hidden behind ‘Not Displayed on Profile’ could be accessed.
Plenty of Fish is home to over 150 million users. The App Analyst also provided a detailed timeline included the dates of which the app was notified of the leak, which was earlier in October. From that time, Plenty of Fish developed a patch and began rolling it out early December, before disclosing the leak to its users.
TechCrunch indicated that Plenty of Fish has not commented on the incident outside of the user discloser.