A bug in a popular iPhone app exposed thousands of call recordings


About PingSafe Security

PingSafe Security is the industry-leading agentless Cloud Security Platform that identifies, prioritizes, and remediates risks. PingSafe connects to your environment in minutes with patent-pending SideScanning technology to provide complete coverage across vulnerabilities, malware, misconfigurations, lateral movement risks, weak and leaked passwords, and overly permissive identities. Founded in 2019, PingSafe is trusted by hundreds of customers globally, including Databricks, Autodesk, NCR, Gannett, and Robinhood.

Report Key Findings

Both Tinder’s web and mobile applications allow users to use their mobile phone numbers to log in to the service, and this login service is provided by Account Kit (Facebook).

The user clicks Login with Phone Number on Tinder and is then redirected to Account Kit for login. If authentication succeeds, Account Kit passes the access token to Tinder for login.

This enabled the attacker to use any other app’s access token provided by Account Kit to take over the real Tinder accounts of other users.
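The check a relying service needs in this login flow, shown as an added example that is not code from the report, Tinder, or Account Kit. It assumes the identity provider's token lookup reports which app a token was issued to; the app IDs, tokens, phone number and function names are all constructed for illustration.

```python
from dataclasses import dataclass

OUR_APP_ID = "app-dating-001"  # hypothetical ID of the relying app

@dataclass(frozen=True)
class TokenInfo:
    app_id: str   # app the provider issued the token to
    phone: str    # phone number the provider verified

# Constructed stand-in for the identity provider's token lookup.
ISSUED_TOKENS = {
    "tok-A": TokenInfo(app_id="app-dating-001", phone="+15550100"),
    "tok-B": TokenInfo(app_id="app-other-777", phone="+15550100"),
}

class LoginRejected(Exception):
    """Raised when a token must not start a session."""

def introspect(token: str) -> TokenInfo:
    info = ISSUED_TOKENS.get(token)
    if info is None:
        raise LoginRejected("unknown or expired token")
    return info

def login_without_app_check(token: str) -> str:
    """Flawed pattern: any valid provider token logs in the phone's account."""
    return introspect(token).phone

def login_with_app_check(token: str, expected_app_id: str = OUR_APP_ID) -> str:
    """Hardened: accept only tokens the provider issued to this app."""
    info = introspect(token)
    if info.app_id != expected_app_id:
        raise LoginRejected(f"token issued to {info.app_id}, not this app")
    return info.phone

def audit(tokens):
    """Return, per token, the outcome under each login path."""
    results = {}
    for tok in tokens:
        try:
            hardened = login_with_app_check(tok)
        except LoginRejected as exc:
            hardened = f"rejected: {exc}"
        results[tok] = (login_without_app_check(tok), hardened)
    return results

if __name__ == "__main__":
    for tok, (flawed, hardened) in audit(["tok-A", "tok-B"]).items():
        print(tok, "| no check ->", flawed, "| with check ->", hardened)
```

The same phone number resolves under both tokens, so only the issuing-app comparison separates a login the service requested from a token minted for a different app.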