Popular dating app Tinder may have been letting on a little more about its users than their shared interests and profile photos. According to security firm Include Security, a vulnerability in the smartphone app may have been exposing private user data and their exact whereabouts throughout the previous year.

On Wednesday, Include Security officials announced that they had located a serious vulnerability in Tinder’s geolocation software, which was active on the app for most of 2013. Although the flaw was fixed earlier this year, it had already been abused by at least one Tinder user according to sources at Include Security. When accessed, the flaw allowed access to the exact coordinates of other users.

Tinder have yet to comment on the security flaw, though it is likely that the vulnerability was only ever used by one particularly advanced user who had thorough knowledge of programming skills and the app’s API. Security experts pointed out the security bug to Tinder in October 2013, and have reported that it was fixed in January 2014.