ISE Labs research into popular dating apps, we looked at Bumbles web application and API. As of November 1, 2020, all the attacks mentioned in this blog still worked. An attacker can still use the API to obtain information such as Facebook likes, pictures, and other profile information. Bumble is no longer using sequential user ids and has updated its previous encryption scheme. The attacks on bypassing payment for Bumble’s other premium features still work. We will be focusing on finding workarounds for the following Boost features.”]
Source: https://blog.securityevaluators.com/reverse-engineering-bumbles-api-a2a0d39b3a87