Many would think that a dating app that knows your sexuality and HIV status would take careful precautions to keep this information protected, but the Grindr app has disappointed people once again - this time, with an extremely serious security vulnerability that could allow literally anyone who could guess the email address of your user account to take it over.
Fortunately, the French security researcher Wassime Bouimadaghene discovered the vulnerability, and if users are lucky, it was never exploited; it has now been fixed.
Unfortunately for Grindr, the company ignored the researcher's disclosures until the security researcher Troy Hunt (of Have I Been Pwned) and the journalist Zack Whittaker (of TechCrunch) confirmed the issue and wrote about it.
For skeptics there are details available, but the short version is this: if you entered an email address into Grindr's password reset form, the server would send a response back to your browser containing the key needed to reset that account's password.
You could theoretically just copy and paste this key into a password reset URL (as constructed by Hunt) and take over an account just like that.
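The flaw described above, next to a corrected handler, as an added sketch that is not Grindr's code and not part of the original article. The function names, the `resetToken` field and the in-memory user store are assumptions made for illustration.

```python
import hashlib
import secrets

# Constructed in-memory stand-ins for a user table and an outbound mail queue.
USERS = {"alice@example.com": {"reset_hash": None}}
OUTBOX = []  # (recipient, message) pairs "sent" by email

GENERIC = {"status": "ok",
           "message": "If that address is registered, a reset link was sent."}


def _issue_token(email):
    """Create a reset token and keep only its hash on the server side."""
    token = secrets.token_urlsafe(32)
    USERS[email]["reset_hash"] = hashlib.sha256(token.encode()).hexdigest()
    return token


def reset_request_flawed(email):
    """The class of bug in the article: the reset key goes back to the requester."""
    if email not in USERS:
        return {"status": "error", "message": "unknown account"}
    token = _issue_token(email)
    OUTBOX.append((email, f"reset token: {token}"))
    # Hypothetical field name: the secret reaches whoever submitted the form.
    return {"status": "ok", "resetToken": token}


def reset_request_hardened(email):
    """The token travels only to the mailbox; the response is the same for any input."""
    if email in USERS:
        token = _issue_token(email)
        OUTBOX.append((email, f"reset token: {token}"))
    return dict(GENERIC)


def response_leaks_token(response, email):
    """Regression check: does any value in the response hash to the stored token?"""
    stored = USERS.get(email, {}).get("reset_hash")
    return any(
        isinstance(value, str)
        and hashlib.sha256(value.encode()).hexdigest() == stored
        for value in response.values()
    )
```

A check like `response_leaks_token` fits in an API test suite, so that a reset endpoint which starts echoing its secret fails the build.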
Grindr's COO, Rick Marini, told TechCrunch that "we believe we addressed the issue before it was exploited by malicious agents" and said Grindr would work with a "leading security company" to launch a bug bounty program. This hopefully means that security researchers like Bouimadaghene will have an easier time getting in touch.
Note that this is not just an app that holds a few messages. Grindr's users include gay, bi, trans and queer individuals, and the mere presence of the app on a person's phone can indicate something about their sexuality that they may not want to reveal to the world.
However, this is the company that was caught sharing its users' HIV status with other companies and sharing other personal information with third-party advertisers.
It may be a slightly different company now, since in March the company's Chinese owners sold it to a group of US investors, who also became Grindr's new management. Marini, the COO, was one of the group's investors. Another, Jeff Bonforte, is the company's new CEO, according to The Verge.