Majority of Dating Apps Fall Short on Security Safeguards
In a revealing analysis by the Business Digital Index (BDI), 24 leading dating apps were scrutinised for their digital infrastructure, and substantial deficits were found. The report highlights a number of concerning issues, including weak web application configuration, TLS configuration problems, and unpatched software vulnerabilities.
The findings suggest that many dating platforms in 2025 still have the same vulnerabilities that have led to catastrophic security breaches in the past. For instance, the 2015 Ashley Madison hack exposed data from over 30 million people, resulting in an estimated 80-90% drop in traffic in the months following the breach. Similarly, in 2020, Zoosk was breached, with 24 million records containing personal details such as income, birthdates, and sexual orientation falling into hackers' hands.
Attacks on dating apps are not exceptions but rather the norm, according to the analysis. In 2024, researchers discovered security vulnerabilities in the APIs of Tinder, Bumble, Grindr, and Hinge, which allowed attackers access to location data. This is a worrying trend, as the sensitive nature of the information managed by dating apps, including private messages, sexual orientation, photos, and payment data, makes them prime targets for cybercriminals.
The report card for the dating apps was not all doom and gloom, however. Two platforms, Bumble and EliteSingles, reached the B category, the best result of the study, with 93 and 92 points respectively. The apps of the Match Group (Tinder, OkCupid, Plenty of Fish, Match.com) dominate the market but achieved only grades of C or worse. Five platforms, Coffee Meets Bagel, Christian Mingle, Match, Zoosk, and AdultFriendFinder, landed in the risk category with a grade F.
Regulatory bodies are also investigating the practices of dating apps. For example, a recent $14 million settlement was reached with the Match Group over deceptive practices. Additionally, the GDPR and the California CPRA classify sexual orientation as "special category information" and "sensitive personal information," respectively, requiring careful processing.
To enhance security on dating apps, users are advised to take several precautions. These include using a separate email address, not reusing profile photos, being cautious with "Log in with Facebook/Google," limiting location sharing, and not linking social media accounts.
The BDI report serves as a stark reminder that the cybersecurity of dating apps remains a significant concern. The security vulnerabilities currently observed in dating platforms are not hypothetical: the same types of weaknesses have already led to some of the most serious security breaches in the industry and beyond. It is hoped that the findings will prompt app developers to take action and improve their cybersecurity measures to protect users' sensitive information.