As reported by TechCrunch’s Zack Whitaker, the flaw was discovered by French security researcher Wassime Bouimadaghene, who reported it to Grindr, only for his reports to be ignored by the company.

Bouimadaghene then reached out to Troy Hunt, a fellow researcher and the founder of the website ‘Have I Been Pwned’, which allows users to check whether their email has been exposed in security breaches.

Hunt then verified that Grindr accounts could easily be compromised by copying and pasting code from the website’s password reset page, meaning anyone that knew where to look could easily hijack accounts on the app.

In a statement, chief operating officer of Grindr Rick Marini said: “We are grateful for the researcher who identified a vulnerability. The reported issue has been fixed. Thankfully, we believe we addressed the issue before it was exploited by any malicious parties.”

The company has also said it will partner with security researchers to create a more simplified system for people to report vulnerabilities in the app’s security. It has also said it will soon announce a bug bounty program “to provide additional incentives for researchers to assist us in keeping our service secure going forward”.

Grindr is one of the world’s most popular dating apps in general, and is, according to Grindr itself, “the world’s largest dating app for gay, with a, trans and queer people”.

Given that LGBT people experience serious targeted discrimination and harassment around the world, even having an account on the app can prove sensitive and potentially endangering information.

In 2014, Egyptian police were found to be using Grindr and other social media to “trap gay people”. In Egypt, public ‘homosexual acts’ are illegal, though homosexuality itself technically is not.

Tags:
App Security,
Apps,
Cybersecurity,
Grindr,
Security Flaw

See more articles by Eva Short

Want more of the latest news, sport & entertainment? Sign up to our newsletter!:

Buzz.ie is Irelandsnewest, best and brightest Website. For advertising contact [email protected].
Got a story? Contact [email protected].

You may see ads that are less relevant to you. These ads use cookies, but not for personalisation.

Source: https://www.buzz.ie/tech/grindr-password-reset-security-flaw-accounts-exposed-391809

Grindr, Online dating application, Security

World news – THAT – Grindr password reset security flaw leaves accounts exposed | Buzz.ie

Building on its expertise in the areas of digital, technologies and processes , CSS Engineering you in your most ambitious transformation projects and helps you bring out new ideas, new offers, new modes of collaboration, new ways of producing and selling.

CSS Engineering is involved in projects each customer as if it were his own. We believe a consulting company should be more than an advisor. We put ourselves in the place of our customers, to align we incentives to their goals, and collaborate to unlock the full potential their business. This establishes deep relationships and enjoyable.

Our services:

  1. Create professional websites
  2. Hosting high performance and unlimited
  3. Sale and video surveillance cameras installation
  4. Sale and Installation of security system and alarm
  5. E-Marketing

All our achievements here https://www.css-engineering.com/en/works/

LEAVE A REPLY

Please enter your comment!
Please enter your name here