back to article That's bang out of order: Threesome hookup app 3Fun leaked lovers' data, locations, pix – report

UK-based security biz Pen Test Partners describes group sex app 3Fun as having "probably the worst security for any dating app we’ve ever seen." Worse than an unprotected Elastic database exposing 42.5 million records from various dating apps? Apparently so, even though 3Fun boasts a mere 1.5 million users in the US. The …

  1. Phil O'Sophical Silver badge
    Unhappy

    Mind bleach

    not to mention 10 Downing Street

    Theresa May in a threesome? Please, please, pleeaase don't mention it. Ever again.

    1. Chris G Silver badge

      Re: Mind bleach

      Just thank deity they didn't link the White House and Downing Street with the German Chancellory.

      1. Anonymous Coward
        Anonymous Coward

        Re: Mind bleach

        Would that be the equivalant of a Governmental Goatse Gangbang ? ie: an alternative to GGG ( and obviously some of the El Reg userbase is aware of GGG)

      2. Mark 85 Silver badge

        Re: Mind bleach

        Just thank deity they didn't link the White House and Downing Street with the German Chancellory.

        You just had to get there didn't you? Now countless El Reg readers will be waking up in the middle of the night and screaming.

        1. Donn Bly

          Re: Mind bleach

          I'm more concerned about the ones waking up with a smile

      3. Dacarlo

        Re: Mind bleach

        It'd be more likely to see a threesome with The Whitehouse, The Duma and a local hooker engaged in 'water sports'.

    2. Warm Braw Silver badge

      Re: Mind bleach

      not to mention 10 Downing Street

      It may simply be a government economist who was finally discovered the explanation for Britain's oddly-persistent lack of productivity.

    3. Anonymous Coward
      Anonymous Coward

      Re: Mind bleach

      >not to mention 10 Downing Street

      I know Johnson has bought in some dregs into his cabinet but I didn't think Damian Green or Charlie Elphicke were allowed back in yet...

    4. This post has been deleted by its author

    5. macjules Silver badge

      Re: Mind bleach

      May with Johnson and Gove?

      My grey matter just shut down in protest.

      1. 89724102172714182892114I7551670349743096734346773478647892349863592355648544996312855148587659264921 Bronze badge

        Re: Mind bleach

        Oh no... it's not the bed that's creaking

  2. Anonymous Coward
    Anonymous Coward

    elastic != elasticsearch

    The tool is not called "the elastic database", it's called "elasticsearch". Elastic is the name of the company that produce it.

  3. Anonymous Coward
    Anonymous Coward

    It's an app for threesomes, of course it has an open backdoor.

    1. Pascal Monett Silver badge

      It's an app for threesomes a dating app, of course it has an open backdoor.

      There, FTFY.

      But seriously, how can anyone trust dating apps these days ? Made by two jerks in a garage, most of those things are just an excuse to make money out of people's loneliness. Don't use them, just go to a pub.

      1. Anonymous Coward
        Anonymous Coward

        You don't even need a pub there are loads of singles in my area wanting to talk right now. The area is slightly off but I don't mind travelling.

      2. Tom Paine Silver badge
        Devil

        Wait. You're saying it's possible to turn other people's loneliness into cash in my bank account??

        * looks around the office with wild surmise...

      3. Anonymous Coward
        Anonymous Coward

        two jerks in a garage

        Not much of a date if that's all you got...

      4. xeroks

        you've just been whooshed

      5. wayne 8

        "t's an app for threesomes a dating app, of course it has an open backdoor.

        There, FTFY."

        Did not need fixing. Porno Innuendo.

        There are software backdoors, then there are porno backdoors.

        Keep "Safe Search On" to remain naive.

    2. Anonymous Coward
      Anonymous Coward

      Did they try a DP pentest?

  4. K Silver badge
    Trollface

    "locations of users in near real time"

    Well, that is good isn't it.. How else are we meant to catch those t"hose plenty of fish"?

  5. Anonymous Coward
    Anonymous Coward

    Nobody's made a joke about "Penetration testing" yet?

    I'm ashamed of you all...

    1. Anonymous Coward
      Anonymous Coward

      Just don't forget to use an anti-virus...

    2. Fruit and Nutcase Silver badge
      Joke

      Nobody's made a joke about "Penetration testing" yet?

      I'll second that.

      Does that mean we now have...

      "Double Penetration"

  6. adam payne Silver badge

    According to Lomas, the 3Fun app revealed locations of users in near real time, user birth dates, sexual preferences and chat data. And it exposed users' private pictures, whether or not the evidently non-functional privacy flag had been set.

    #captainpicarddoublefacepalm

  7. Anonymous Coward
    Anonymous Coward

    non-functional privacy flag

    There seems to be a LOT of non-funtional "privacy" settings being exposed recently.

    https://www.androidauthority.com/google-web-app-history-tracking-894791/

    https://www.zdnet.com/article/twitter-may-have-shared-user-data-with-ad-partners-without-user-consent/

    https://www.nytimes.com/interactive/2018/06/03/technology/facebook-device-partners-users-friends-data.html

    Did you think it was only the tech giants that had all the (3)fun?

  8. Anonymous Coward
    Anonymous Coward

    The penetrated product potentially made posted privates public.

  9. DougS Silver badge
    Devil

    People who use the internet to look for threesomes

    Probably aren't big on privacy anyway!

  10. Anonymous Coward
    Anonymous Coward

    Authenticity of the pictures

    ... There's a bit less doubt about the authenticity of the pictures ...

    Anyone who has ever used a dating app, or website, of any kind knows that the pictures are rarely authentic. So if there is less doubt about the pictures than the location data, that doesn't bode well for the authenticity of the location data.

  11. DrXym Silver badge

    Anyone else...

    ... fancy a sandwich?

  12. Ian Reissmann

    Three's company, 1.5M's a crowd.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019