Independent Security Evaluators researcher Sanjana Sarda reverse-engineered Bumble’s API and found several endpoints that were processing actions without being checked by the server. She was able to access users’ Facebook data and the “wish” data from Bumble, which tells you the type of match they’re searching for. Sarda said these issues were easy to find and that the company’s response to her report on the flaws shows that Bumble needs to take testing and vulnerability disclosure more seriously.
Source: https://threatpost.com/dating-site-bumble-swipes-unsecured-100m-users/161276/

