Friday, January 15, 16:29

Grindr: Error allows access to your account!

A security flaw could allow anyone to gain access to an account on Grindr.

Many would think that a dating app that knows your sexuality and HIV status would take careful precautions to keep this information protected, but the Grindr app has disappointed people once again. This time it is an extremely serious security vulnerability that could let literally anyone who can guess the email address on your user account get into it.


Fortunately, French security researcher Wassime Bouimadaghene discovered the vulnerability, and it has now been fixed; if users are lucky, nobody had time to exploit it.

Unfortunately for Grindr, the company ignored his disclosures until security researcher Troy Hunt (of Have I Been Pwned) and journalist Zack Whittaker (of TechCrunch) confirmed the issue and wrote about it.

For skeptics there are details available, but the short version is this: if you entered an email address into Grindr's password reset form, Grindr would send a response back to your browser with the key needed to reset the password embedded in it.

You could theoretically just copy and paste this key into a password reset URL (as Hunt did) and take over an account just like that.
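
The flawed pattern described above next to a hardened reset flow, as an added example that is not from the article or from Grindr's code. The function names, the `reset_key` field, the in-memory store and the 15-minute lifetime are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

# Constructed stand-ins for a user table and an outbound mail queue.
USERS = {"alice@example.com": {}}
OUTBOX = []          # (recipient, token) pairs handed to the mail system
TOKEN_TTL = 15 * 60  # seconds; assumed lifetime, not a value from the article

def _sha256(token):
    return hashlib.sha256(token.encode()).hexdigest()

def _issue_token(email, now):
    """Create a random token; keep only its hash and expiry server-side."""
    token = secrets.token_urlsafe(32)
    USERS[email]["reset"] = (_sha256(token), now + TOKEN_TTL)
    return token

def request_reset_flawed(email, now=None):
    """Flawed pattern from the article: the key comes back in the response body."""
    now = time.time() if now is None else now
    if email not in USERS:
        return {"status": "unknown_account"}  # assumed reply for unknown addresses
    return {"status": "ok", "reset_key": _issue_token(email, now)}

def request_reset_hardened(email, now=None):
    """The token leaves the server only by email; the reply never varies."""
    now = time.time() if now is None else now
    if email in USERS:
        OUTBOX.append((email, _issue_token(email, now)))
    return {"status": "if that address is registered, a reset link was sent"}

def redeem(email, token, now=None):
    """Accept a token once, before expiry, with a constant-time comparison."""
    now = time.time() if now is None else now
    stored = USERS.get(email, {}).get("reset")
    if stored is None:
        return False
    digest, expires = stored
    ok = now <= expires and hmac.compare_digest(digest, _sha256(token))
    if ok or now > expires:
        del USERS[email]["reset"]  # single use; expired entries are purged
    return ok
```

In the hardened flow, proof of control over the mailbox is the only way to obtain the token, and the identical reply for registered and unregistered addresses avoids confirming which emails have accounts.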

President and CEO of Grindr, Rick Marini, told TechCrunch that "we believe we addressed the issue before it was exploited by malicious agents" and said Grindr would work with a "leading security company" to launch a bug bounty program. This hopefully means that security researchers like Bouimadaghene will have an easier time getting in touch.

Note that this is not just an app that holds a few messages. Grindr's users include gay, bi, trans and queer people, and the mere presence of the app on a person's phone can indicate something about their sexuality that they may not want to reveal to the world.


However, this is the company that was caught sharing its users' HIV status with other companies and sharing other personal information with third-party advertisers.

It may be a slightly different company now: in March, the company's Chinese owners sold it to a group of US investors, who also became Grindr's new management. Marini, the COO, was one of the group's investors. Another, Jeff Bonforte, is the company's new CEO, according to The Verge.
