3Fun Is Not Secure
3Fun is a location-based mobile online dating application that is available for iOS and Android. Currently, the service is available in the United States, Canada, the UK, the Netherlands, and Brazil, among other countries. It has about 100,000 monthly downloads and more than 2 million downloads overall. Its popularity is growing fast.
80% of users find a match within 24 hours
The 3Fun app is free and works by connecting people who are interested in threesomes. It uses an algorithm to match you with someone based on your preferences and location. After signing up, you can browse profiles and chat with potential matches. Once you have mutually decided on someone, you can meet up and have a date. It has a huge database of users and the process of finding a match is very simple.
The site allows you to search by gender, age, location and sexual orientation, and matches you based on your answers. The matching algorithm also takes into account what you share in common with others. However, if you have a particular dealbreaker in mind, you can ask them about it before committing to a match.
1.5 million users
3Fun, an app that allows users to meet people around the world, has a major problem. The location data stored in the app is not secure. Researchers at Pen Test Partners were able to pinpoint users’ locations around the world. They found users in the White House, US Supreme Court, and even Number 10 Downing Street in London.
While there are steps users can take to limit their location data, 3Fun leaks data about users to third parties. The app sends location information to 3Fun servers through a GET request. This means that 3Fun can be used to track users in buildings and locations they are not aware of.
Leaked location data
A research team from Pen Test Partners revealed that 3fun was storing location data from its users in the app, not securely on their servers. Although the app claims to have a setting that restricts location data, the researchers were able to discover users’ locations all over the world. For example, they found users in the White House, the US Supreme Court, and even at 10 Downing Street.
This data includes usernames, route details, and other sensitive information, including sexual preferences and private pictures. The data was made available to third parties through an exploit called trilateration, which allows users to fake their GPS coordinates by abusing distance from me features.