Users of an app, ‘3 fun’ designed to facilitate group sex in the United States had their security breached after the sensitive information of the 1.5 million users was made easily accessible.
On the App Store, 3fun ironically boasts of its security, touting hidden profiles and private photos that can only be viewed by your matches.
But, the Pen Test investigation shows this is far from the truth.
In an alarming new report, the team at Pen Test Partners says the service 3fun exposes everything from near-real time locations and sexual orientations to pictures uploaded by its users – even if they’re set to private.
Security researchers at Pen Test Partners found vulnerabilities in the app ‘3fun’, they found it was easy to obtain location, sexual orientation, birthday, photos.
Users were pinpointed in spots including the White House and Supreme Court, although the team notes that a tech savvy user could alter their own location as a joke.
While users can opt-out of having their latitude and longitude sent to the app, the data remain available on the server.
