A shameful security flaw could have let anyone access your Grindr account

You would think a dating app that knows your sexuality and HIV status would take thorough precautions to keep that info protected, but Grindr has disappointed the world once again — this time, with a gobsmackingly egregious security vulnerability that could have let literally anyone who could guess your email address into your user account.

Luckily, French security researcher Wassime Bouimadaghene discovered the vulnerability, perhaps before it could be exploited, and it’s now been fixed.

Unluckily for Grindr, the company ignored his disclosures — until security researcher Troy Hunt (of Have I Been Pwned) and journalist Zack Whittaker (of TechCrunch) each confirmed the issue and wrote about it.

The details need to be seen to be believed (so please look at the image below) but the short version is this: if you put an email address into Grindr’s password reset form, it would send a message back to your web browser with the key you need to reset the password buried inside it.

You could then theoretically just copy and paste that key into a password reset URL (which Hunt did), and take over an account just like that.
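To make the flaw concrete, here is an added Python sketch (not Grindr's code, nor from the article) of a password reset endpoint that echoes the reset key to the browser, beside a hardened version that sends it only by email and answers identically whether or not the address has an account; the user store, outbox and reset URL are constructed placeholders.

```python
import hashlib
import secrets
from datetime import datetime, timedelta, timezone

# Constructed in-memory stand-ins for a user database and an outbound mail queue
# (assumptions for this example only).
USERS = {"alice@example.com": {"password": "old-hash"}}
RESET_TOKENS = {}   # sha256(token) -> (email, expiry); the raw token is never stored
OUTBOX = []         # (recipient, message) pairs the mail sender would deliver

def _issue_token(email: str) -> str:
    """Create a single-use reset token, store only its hash, and queue the email."""
    token = secrets.token_urlsafe(32)
    digest = hashlib.sha256(token.encode()).hexdigest()
    RESET_TOKENS[digest] = (email, datetime.now(timezone.utc) + timedelta(minutes=15))
    OUTBOX.append((email, f"https://app.example/reset?token={token}"))  # placeholder URL
    return token

def vulnerable_reset_request(email: str) -> dict:
    """The pattern the article describes: the reset key is returned in the HTTP
    response, so whoever submitted the email address receives it directly."""
    if email not in USERS:
        return {"status": "unknown account"}   # also reveals which addresses exist
    return {"status": "ok", "reset_token": _issue_token(email)}

def hardened_reset_request(email: str) -> dict:
    """The token travels only over the out-of-band channel (email), and the
    response is the same whether or not the address has an account."""
    if email in USERS:
        _issue_token(email)
    return {"status": "If that address has an account, a reset link was sent."}

def complete_reset(token: str, new_password_hash: str) -> bool:
    """Redeem a token exactly once, within its validity window."""
    digest = hashlib.sha256(token.encode()).hexdigest()
    entry = RESET_TOKENS.pop(digest, None)   # pop makes the token single-use
    if entry is None:
        return False
    email, expiry = entry
    if datetime.now(timezone.utc) > expiry:
        return False
    USERS[email]["password"] = new_password_hash
    return True
```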

Grindr COO Rick Marini told TechCrunch that “we believe we addressed the issue before it was exploited by any malicious parties,” and said Grindr will both partner with a “leading security firm” and introduce a bug bounty program. That should hopefully mean security researchers like Bouimadaghene will have an easier time getting in touch.

Again, this isn’t just an app that contains a few messages. Grindr users include gay, bi, trans and queer individuals, and the mere presence of the app on a person’s phone can indicate something about their sexuality they may not want revealed to the outside world. And yet this is the company that was caught sharing its users’ HIV status to other companies, and sharing other personal info to third-party advertisers.

That said, it might be a slightly different company now. This March, the company’s Chinese owners sold it to a group of US investors, who also became Grindr’s new management. Marini, the COO quoted by TechCrunch, was one of the investors in the group. Another, Jeff Bonforte, is the company’s new CEO.
