As reported by TechCrunch’s Zack Whitaker, the flaw was discovered by French security researcher Wassime Bouimadaghene, who reported it to Grindr, only for his reports to be ignored by the company.
Bouimadaghene then reached out to Troy Hunt, a fellow researcher and the founder of the website ‘Have I Been Pwned’, which allows users to check whether their email has been exposed in security breaches.
Hunt then verified that Grindr accounts could easily be compromised by copying and pasting code from the website’s password reset page, meaning anyone that knew where to look could easily hijack accounts on the app.
In a statement, chief operating officer of Grindr Rick Marini said: “We are grateful for the researcher who identified a vulnerability. The reported issue has been fixed. Thankfully, we believe we addressed the issue before it was exploited by any malicious parties.”
The company has also said it will partner with security researchers to create a more simplified system for people to report vulnerabilities in the app’s security. It has also said it will soon announce a bug bounty program “to provide additional incentives for researchers to assist us in keeping our service secure going forward”.
Grindr is one of the world’s most popular dating apps in general, and is, according to Grindr itself, “the world’s largest dating app for gay, with a, trans and queer people”.
Given that LGBT people experience serious targeted discrimination and harassment around the world, even having an account on the app can prove sensitive and potentially endangering information.
In 2014, Egyptian police were found to be using Grindr and other social media to “trap gay people”. In Egypt, public ‘homosexual acts’ are illegal, though homosexuality itself technically is not.
See more articles by Eva Short
Want more of the latest news, sport & entertainment? Sign up to our newsletter!:
Grindr, Online dating application, Security
World news – THAT – Grindr password reset security flaw leaves accounts exposed | Buzz.ie