Serious Grindr Vulnerability Let Hackers Hijack User Accounts With Just an Email Address

The popular LGBT+ hook-up app Grindr has fixed a glaring security flaw that allowed hackers to take over any account if they knew the user’s registered email address, TechCrunch reports.

But after he shared his discovery with Grindr and was met with radio silence, he decided to team up with Australian security expert Troy Hunt, a regional director at Microsoft and the creator of the world’s largest database of stolen usernames and passwords, Have I Been Pwned?

Hunt shared these findings with the outlet and on his website Friday, explaining that the problem stemmed from Grindr’s process for letting users reset their passwords.

After testing and confirming the vulnerability, Hunt tagged Grindr in a tweet on Thursday asking for contact information for the company’s security team.

Grindr did not immediately respond to Gizmodo’s request for comment, but the company’s chief operating officer Rick Marini provided the following statement to TechCrunch:

In 2018, Grindr was forced to acknowledge that it shared information on users’ HIV status with third-party companies for optimization purposes following a damning BuzzFeed investigation.
