Home Tech A shameful security flaw could have allowed anyone to access your Grindr...

A shameful security flaw could have allowed anyone to access your Grindr account

91
0
A shameful security flaw could have allowed anyone to access your Grindr account

You might think that a dating app that knows your sexual orientation, sexual status, and HIV would take all-out precautions to keep this information protected, but Grindr has disappointed the world again – this time, with a terrible vulnerability that could allow Literally anyone can guess your email address In your user account.

Fortunately, the French security researcher Wassime Bouimadaghene Discover the vulnerability, perhaps before it can be exploited, and it is now fixed.

Unfortunately for Grindr, the company ignored his disclosures – even security researcher Troy Hunt (who You’ve been Pwned) And journalist Zach Whitaker (from TechCrunch) Each Confirm the problem And the Wrote about it.

Details have to be seen in order to be believed (so please look at the image above) but the short version is as follows: If you put an email address into the Grindr Password Reset form, a message will be sent to your web browser using The key you need to reset the password Buried inside.

You could then theoretically copy and paste that key into the password reset URL (which Hunt did), and grab an account just like this.

Said Rick Marigny, Grindr COO TechCrunch “We believe we have addressed the problem before it is exploited by any malicious parties,” he says, adding that Grindr will partner with a “leading security company” and offer a bug bounty program. Hopefully, that means security researchers like Pomadagine will have an easier time communicating.

Again, this is not just an app with some messages in it. Grindr users include LGBTI individuals, and the mere presence of the app on a person’s phone can indicate something about their sexuality that they may not want to reveal to the outside world. However, this is the company that was arrested Share their users’ HIV status to other companiesAnd participation Other personal information for external advertisers.

However, it might be a slightly different company now. In March this year, the Chinese owners of the company He sold it to a group of American investors, Who also became Grindr’s new management. Marini, the COO quoted by TechCrunch, was an investor in the group. Another, Jeff Bonforte, is the company’s new CEO.

See also  The last bosses compete in video DLCs, who will win? - Multiplayer.it
Previous articleCovid: The UK reports more than 10,000 cases daily for the first time
Next articleCollege Football Results, NCAA Top 25 Rankings, Table, Matches Today: Oklahoma, LSU, Looking To Bounce

LEAVE A REPLY

Please enter your comment!
Please enter your name here