You might think that a dating app that knows your sexual orientation, sexual status, and HIV status would take all-out precautions to keep this information protected, but Grindr has disappointed the world again, this time with a terrible vulnerability that could allow literally anyone who can guess your email address into your user account.
Fortunately, French security researcher Wassime Bouimadaghene discovered the vulnerability, perhaps before it could be exploited, and it is now fixed.
Unfortunately for Grindr, the company ignored his disclosures, and security researcher Troy Hunt (of Have I Been Pwned) and journalist Zack Whittaker (from TechCrunch) each confirmed the problem and wrote about it.
The details have to be seen to be believed (so please look at the image above), but the short version is as follows: if you put an email address into the Grindr password reset form, a response is sent back to your web browser with the key you need to reset the password buried inside.
You could then theoretically copy and paste that key into the password reset URL (which Hunt did) and take over an account just like that.
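The flaw described above, reduced to a sketch alongside a corrected handler (an added example, not Grindr's code; the function names, in-memory stores and 15-minute token lifetime are assumptions):

```python
import hashlib
import secrets
import time

USERS = {"alice@example.com"}   # constructed sample account store
RESET_TOKENS = {}               # sha256(token) -> (email, expiry timestamp)
OUTBOX = []                     # stands in for the mail system (out-of-band channel)
TOKEN_TTL = 15 * 60             # seconds; assumed lifetime

def issue_token(email):
    """Create a single-use token, store only its hash, return the raw value."""
    token = secrets.token_urlsafe(32)
    digest = hashlib.sha256(token.encode()).hexdigest()
    RESET_TOKENS[digest] = (email, time.time() + TOKEN_TTL)
    return token

def reset_request_flawed(email):
    """Behaviour the article describes: the key comes back to the requester."""
    if email not in USERS:
        return {"status": "unknown_account"}
    return {"status": "ok", "reset_token": issue_token(email)}

def reset_request_fixed(email):
    """Token goes only to the mailbox; the response is the same for every input."""
    if email in USERS:
        OUTBOX.append((email, issue_token(email)))
    return {"status": "ok", "message": "If the account exists, an email was sent."}

def redeem(token, now=None):
    """Return the email a token belongs to, or None; tokens are single-use."""
    digest = hashlib.sha256(token.encode()).hexdigest()
    entry = RESET_TOKENS.pop(digest, None)
    if entry is None:
        return None
    email, expiry = entry
    return email if (now or time.time()) <= expiry else None

def response_leaks_secret(response, secret):
    """Regression check: does any response value contain the reset secret?"""
    return any(secret in str(v) for v in response.values())
```

A check like `response_leaks_secret` belongs in the test suite for any reset endpoint, so a token that reaches the HTTP response fails the build.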
Grindr COO Rick Marini told TechCrunch, “We believe we have addressed the problem before it was exploited by any malicious parties,” adding that Grindr will partner with a “leading security company” and offer a bug bounty program. Hopefully, that means security researchers like Bouimadaghene will have an easier time communicating.
Again, this is not just an app with some messages in it. Grindr users include LGBTI individuals, and the mere presence of the app on a person’s phone can indicate something about their sexuality that they may not want to reveal to the outside world. Yet this is the company that was caught sharing its users’ HIV status with other companies and sharing other personal information with outside advertisers.
However, it might be a slightly different company now. In March this year, the company’s Chinese owners sold it to a group of American investors, who also became Grindr’s new management. Marini, the COO quoted by TechCrunch, was an investor in the group. Another, Jeff Bonforte, is the company’s new CEO.