WASHINGTON, D.C. – Security experts are warning users of mainstream dating apps like Tinder and Grindr their personal data may be showing.

According to Patrick Wardle and Colby Moore of cybersecurity firm Synack, a flaw in the apps makes users’ location data visible to anyone who knows how to look for it.

During a hacker conference earlier this month, the pair of researchers revealed how they used a server-spoofing hack to thwart shoddy encryption, allowing them to track Tinder users’ real-world movements for days at a time. The flaw exists not only in dating apps, but also in some popular games like Angry Birds and customer loyalty apps, the researchers said.

“If you track a person’s public movements, you can generate an incredible amount of personal data,” Wardle told conference attendees.

The flaw could put some ethnic and lifestyle groups at particular risk of stalking, Moore noted. Using Grindr as an example, he compiled snapshots of 15,000 gay and bisexual male users in the San Francisco area with relative ease. In Egypt, the app already has been used to identify and track men who violate the country’s homosexuality ban, he said.

When Moore approached Grindr about the problem, the company updated its security in countries known to be gay-unfriendly, but declined to update the app overall because location tracking is part of the software’s “core functionality.”