As reported by TechCrunch’s Zack Whittaker, the flaw was discovered by French security researcher Wassime Bouimadaghene, who reported it to Grindr, only for his reports to be ignored by the company.

Bouimadaghene then reached out to Troy Hunt, a fellow researcher and the founder of the website ‘Have I Been Pwned’, which allows users to check whether their email has been exposed in security breaches.

Hunt then verified that Grindr accounts could easily be compromised by copying and pasting code from the website’s password reset page, meaning anyone who knew where to look could easily hijack accounts on the app.

In a statement, chief operating officer of Grindr Rick Marini said: “We are grateful for the researcher who identified a vulnerability. The reported issue has been fixed. Thankfully, we believe we addressed the issue before it was exploited by any malicious parties.”

The company has also said it will partner with security researchers to create a simpler system for people to report vulnerabilities in the app’s security. It has also said it will soon announce a bug bounty program “to provide additional incentives for researchers to assist us in keeping our service secure going forward”.

Grindr is one of the world’s most popular dating apps in general, and is, according to Grindr itself, “the world’s largest dating app for gay, bi, trans and queer people”.

Given that LGBT people experience serious targeted discrimination and harassment around the world, the mere fact of having an account on the app can be sensitive and potentially endangering information.

In 2014, Egyptian police were found to be using Grindr and other social media to “trap gay people”. In Egypt, public ‘homosexual acts’ are illegal, though homosexuality itself technically is not.


See more articles by Eva Short


Source: https://www.buzz.ie/tech/grindr-password-reset-security-flaw-accounts-exposed-391809


World news – CA – Grindr password reset security flaw leaves accounts exposed | Buzz.ie
