Bottom Line Up Front: There were bugs in Bumble’s Application Programming Interface, discovered by Independent Security Evaluators. The bugs allow a way to bypass paying for Bumble Boost, where loopholes were found that attackers could use to uncover private user data.
Details: The loophole could allow attackers to view user data of the wide-based, near 100 million, users of the Bumble dating app. If a user linked their Bumble account to Facebook, it would allow attackers to gather information on recent activity on the site. It can also be used to learn a user’s preference for dating, leading to an increased ability to create targeted fake dating profiles.
It is expected these bugs will be fixed soon.