The Most Intimate Data You'll Ever Share
In August 2024, researchers found that Bumble, Grindr, and Hinge leaked users' exact physical locations, accurate to within 10 meters. Attackers could pinpoint where you live, work, and socialize. [1]
Grindr collects 24 different data types. Half of dating apps have experienced data breaches in the past three years. A Catholic group spent $4 million buying Grindr location data to out gay priests. [2] [3]
Your dating profile isn't just a profile. It's a surveillance dossier.
What Dating Apps Actually Collect
Mozilla's April 2024 report found dating apps are "worse than ever for your privacy" compared to 2021. Here's what the most popular apps collect: [4]
Grindr
24 data types
Including HIV status, last-tested date, sexual orientation, drug use
Bumble
22 data types
Collects location in background even when app isn't open
Tinder
16 data types
Precise geolocation, messages, photos, behavioral data
Hinge
15 data types
Background location tracking even when closed
The Sensitive Data Problem
Dating apps collect categories of data that most apps never touch:
- Sexual orientation
- HIV status and last-tested date
- Racial and ethnic data
- Religious and political beliefs
- Pregnancy or childbirth information
- Drug use
- Biometric data (facial recognition scans from profile photos)
This isn't metadata. This is the most intimate information about your life, packaged and shared with advertisers, data brokers, and anyone who buys it.
The Location Tracking Nightmare
Your Exact Address in 10 Meters
At Black Hat USA 2024, Belgian researchers analyzed 15 location-based dating apps. Every single one leaked sensitive data that could be exploited. Six apps, including Bumble, Grindr, and Hinge, allowed attackers to pinpoint exact physical locations. [1]
The technique is called trilateration. By creating fake accounts and measuring distances from different positions, researchers determined user locations within 2-10 meters. That's accurate enough to identify your apartment building, your workplace, your gym.
For Hornet, researchers achieved 10-meter accuracy. After the company patched the vulnerability, accuracy was only reduced to 50 meters. Still enough to find you. [5]
OkCupid's 2023 Vulnerability
Cybernews found hackers could track any OkCupid user to within a 10-20 meter radius. "With a few simple steps, we can easily track anyone on OkCupid in a given city, from home, to work, to social gatherings." Match Group owns OkCupid. [6]
The Data Broker Pipeline
How a Catholic Group Outed Gay Priests
In July 2021, Monsignor Jeffrey Burrill, the top administrator at the U.S. Conference of Catholic Bishops, resigned. The Catholic newsletter The Pillar had purchased "commercially available" Grindr location data from a data broker and tracked his usage from 2018 to 2020. [3]
But it didn't stop there. A group called Catholic Laity and Clergy for Renewal spent approximately $4 million purchasing app data from 2018 to 2021. They bought location data from Grindr, Growlr, Scruff, Jack'd, and OkCupid, then cross-referenced it with church residences, workplaces, and seminaries. They continued outing priests for at least a year after Burrill's resignation. [3]
The Wall Street Journal confirmed in 2022 that Grindr sold location data to ad networks.
Who Gets Your Data
All dating apps examined transmitted user data to at least 135 different third parties. The Android advertising ID alone was shared with at least 70 different companies. [7]
Specific recipients include:
- Google and Facebook: Embedded in most apps
- Twitter-owned MoPub: Advertising software in Grindr
- Apptimize and Localytics: Received Grindr data (the basis for Norway's fine)
- X-Mode: Compiled location data from Muslim Mingle, sold to U.S. government
- OpenAI: Powers Bumble's AI Icebreakers feature (raising GDPR concerns)
Regulatory Actions and Fines
Grindr: $6.12 Million Fine (Upheld July 2024)
Norway's Data Protection Authority fined Grindr NOK 65 million ($6.12 million), the highest fine the agency has ever imposed. The Oslo District Court upheld it in July 2024. [8]
The violation: Between July 2018 and April 2020, Grindr shared user data, including GPS location, IP address, mobile advertising ID, age, gender, and data revealing sexual orientation, with advertising companies Apptimize and Localytics. Without consent.
The UK's Information Commissioner's Office issued Grindr a reprimand in July 2022 for the same practices.
Match Group: $14 Million Settlement (August 2025)
Match Group, owner of Tinder, Hinge, Match.com, and dozens of other apps, agreed to pay $14 million to the FTC. The allegations: Match sent users notifications about likes and favorites to induce paid subscriptions. Many of those communications were from accounts Match itself had identified as fraudulent. [9]
Between 2013 and 2016, more than half of instant message initiations and favorites originated from accounts Match flagged as "fraudulent." Between June 2016 and May 2018, nearly 500,000 subscriptions were purchased within 24 hours of receiving misleading ads. [9]
Match admitted no liability. The $14 million represents 5% of what the FTC originally demanded.
Bumble: $40 Million Settlement (October 2024)
Bumble and Badoo agreed to pay $40 million to settle a class action lawsuit over biometric data. The apps collected facial geometry scans from profile photos without consent, violating Illinois' Biometric Information Privacy Act. [10]
The Breach Epidemic
Tea App: 1.6 Million Users Exposed (July 2025)
In July 2025, the Tea dating app suffered a catastrophic breach:
- July 25: 72,000 user images exposed, including 13,000 sensitive selfies and ID documents
- July 28: 1.1 million private messages leaked
- Total: Over 59GB of data affecting more than 1.6 million users
Two class action lawsuits have been filed. [11]
Gravy Analytics: 40,000 Apps Affected (January 2025)
A massive breach at location data broker Gravy Analytics exposed 380 million location data points from 137 countries. Affected apps included Tinder, Grindr, and other dating platforms. Approximately 20 million people in Britain alone used affected apps. [12]
The Pattern
Half of dating apps Mozilla reviewed had experienced a data breach, leak, or hack in the past three years. And dating apps take longer to report breaches than any other industry, an average of 4.8 months. [4]
LGBTQ+ Users Face Elevated Risks
Extortion and Blackmail
The FTC has issued specific warnings about extortion scams targeting LGBTQ+ users on apps like Grindr and Feeld. The pattern: scammer poses as romantic interest, exchanges explicit photos, then demands up to $10,000 or threatens to send materials to family, friends, and employers. [13]
Grindr extortion horror stories obtained through FOIA requests show victims threatened with exposure to family, employers, and financial demands ranging from hundreds to thousands of dollars.
International Dangers
In Nigeria, LGBTQ+ individuals are lured through dating apps and filmed for blackmail in attacks called "Kito." 97% of Nigeria's population opposes same-sex marriage. [14]
In Uganda, Human Rights Watch documented in 2025 how authorities use dating apps to extort, entrap, and arrest queer people following the 2023 Anti-Homosexuality Act. [14]
Security researchers have shown that attackers can infer user locations on Grindr, Hornet, and Jack'd with "surprising accuracy" by running multiple fake accounts. For LGBTQ users in hostile countries, exposure can mean harassment, blackmail, imprisonment, or death.
Surveillance as a Weapon
Facial recognition services like Cheaterbuster and CheatEye claim to uncover Tinder profiles using a single photo, and can narrow down a user's neighborhood. Privacy experts describe them as "perfect stalking tools" that turn intimate relationships into surveillance. [15]
How to Protect Yourself
Limit What You Share
- Use a pseudonym: Don't use your real name until you're ready
- Get a burner number: Google Voice or similar before sharing your real number
- Don't link social media: Instagram connections reveal your real identity
- Skip optional fields: Political views, employer, school, all unnecessary
Control Location Access
- Grant location only "while using": Never "always"
- Check background app refresh: Some apps track location even when closed
- Consider VPN: Masks your IP address from the app
- Be aware: Trilateration can still estimate your location from distance data
Protect Your Identity
- Use unique photos: Reverse image search can link your dating profile to other accounts
- Don't share ID documents: Legitimate apps don't need your driver's license in chat
- Be cautious with video calls: Deepfakes and recording are real threats
For LGBTQ+ Users in Hostile Environments
- Use apps with discretion features: Some apps can disguise as calculators or hide from app store
- Be extremely cautious: Don't share photos showing identifiable locations
- Use secure messaging: Move conversations to Signal quickly
- Trust your instincts: If something feels wrong, it probably is
The Corporate Consolidation Problem
Two companies own about half of all dating apps:
- Match Group: Tinder, OkCupid, Hinge, Match, Plenty of Fish, BLK, BlackPeopleMeet
- Spark Network: Christian Mingle, JDate, Elite Singles
When the same company owns multiple apps, your data can be shared across all of them. Your Hinge profile data might inform what ads you see on Tinder. Nearly half of all online dating users in the U.S. have used a Match Group platform. More than half believe they've encountered a scammer. [9]
The Bottom Line
Dating apps collect the most intimate data imaginable, your sexual orientation, HIV status, location history, messages, and behavioral patterns. They share it with hundreds of third parties, suffer regular breaches, and face minimal accountability.
Grindr's $6 million fine? A rounding error for a company valued at billions. Match Group's $14 million settlement? 5% of what the FTC wanted, with no admission of wrongdoing.
The reality:
- Assume your data will be shared with advertisers, data brokers, and government agencies
- Assume your location is trackable to within meters
- Assume breaches will happen and your data will be exposed
- Protect yourself accordingly, pseudonyms, burner numbers, minimal data sharing
You're not paranoid. You're just paying attention. These apps are designed to extract maximum data while providing minimum privacy. Use them if you need to, but understand what you're giving up.
References
- Dark Reading - Swipe Right for Data Leaks: Dating Apps Expose Location, More (August 2024)
- Surfshark - List of the most data-hungry dating apps
- Metro Weekly - Catholic Group Spent Millions to Track Gay Priests on Grindr, Scruff (March 2023)
- Mozilla Foundation - Data-Hungry Dating Apps Are Worse Than Ever for Your Privacy (April 2024)
- Check Point Research - The Illusion of Privacy: Geolocation Risks in Modern Dating Apps (2024)
- Cybernews - OkCupid location vulnerability (December 2023)
- WeLiveSecurity - Dating apps accused of sharing users' intimate data with advertisers
- Cybernews - Grindr's record $6 million data-sharing fine upheld (July 2024)
- FTC - Match Group Agrees to Pay $14 Million (August 2025)
- Top Class Actions - $40M Bumble, Badoo BIPA class action settlement (October 2024)
- Appknox - Tea App Data Breach 2025: Security Flaws, Analysis & Prevention Tips
- Netzpolitik - Databroker Files: New data set reveals 40,000 apps behind location tracking
- FTC - How to spot extortion scams on LGBTQ+ dating apps
- Context - Dating apps' lack of safeguards put LGBTQ+ Africans at risk
- Biometric Update - Facial recognition turns dating apps into a new surveillance front