Skip to content

whedontube

Technology

whedontube

Technology

  • computer
  • gadget
  • internet
  • programming
  • seo
  • software
    • technology
  • website

A shameful security flaw could have let anyone access your Grindr account

 [email protected]_84  October 3, 2020  Posted in technology

You would think a dating app that knows your sexuality and HIV status would take thorough precautions to keep that info protected, but Grindr has disappointed the world once again — this time, with a gobsmackingly egregious security vulnerability that could have let literally anyone who could guess your email address into your user account.





Luckily, French security researcher Wassime Bouimadaghene discovered the vulnerability, perhaps before it could be exploited, and it’s now been fixed.

Unluckily for Grindr, the company ignored his disclosures — until security researcher Troy Hunt (of Have I Been Pwned) and journalist Zack Whittaker (of TechCrunch) each confirmed the issue and wrote about it.

The details need to be seen to be believed (so please look at the image below) but the short version is this: if you put an email address into Grindr’s password reset form, it would send a message back to your web browser with the key you need to reset the password buried inside it.



graphical user interface, text, application


© Provided by The Verge


You could then theoretically just copy and paste that key into a password reset URL (which Hunt did), and take over an account just like that.

Loading...

Load Error

Grindr COO Rick Marini told TechCrunch that “we believe we addressed the issue before it was exploited by any malicious parties,” and says Grindr will both partner with a “leading security firm” and introduce a bug bounty program. That should hopefully mean security researchers like Bouimadaghene will have an easier time getting in touch.

Grindr data is particularly sensitive

Again, this isn’t just an app that contains a few messages. Grindr users include gay, bi, trans and queer individuals, and the mere presence of the app on a person’s phone can indicate something about their sexuality they may not want revealed to the outside world. And yet this is the company that was caught sharing its users’ HIV status to other companies, and sharing other personal info to third-party advertisers.

That said, it might be a slightly different company now. This March, the company’s Chinese owners sold it to a group of US investors, who also became Grindr’s new management. Marini, the COO quoted by TechCrunch, was one of the investors in the group. Another, Jeff Bonforte, is the company’s new CEO.

Continue Reading

Source Article

Author: [email protected]_84
Tagged access, Account, flaw, Grindr, security, shameful

Post navigation

Two North American hospitality merchants hacked in May and June →
← Secrets To Creating Software That Customers Love

Recent Posts

  • Learn The Secrets and techniques To Starting An Condo Finders
  • Computer Viruses And The Detrimental Influence On Enterprise
  • Characteristics Of The Tablet PC
  • Top 5 Useful Gadgets For A Building Worker
  • How Technology Is Growing Bullying On And Off Faculty Campuses

Archives

  • March 2021
  • February 2021
  • January 2021
  • December 2020
  • November 2020
  • October 2020
  • September 2020
  • August 2020
  • July 2020
  • June 2020
  • May 2020
  • April 2020
  • March 2020
  • February 2020
  • January 2020
  • December 2019
  • November 2019
  • October 2019
  • September 2019
  • August 2019
  • July 2019

Categories

  • computer
  • gadget
  • General
  • internet
  • programming
  • seo
  • software
  • technology
  • website
  • Advertise Here
  • Disclosure Policy
  • Contact Us
  • Sitemap
March 2021
M T W T F S S
1234567
891011121314
15161718192021
22232425262728
293031  
« Feb    

Tags

amazon Announces app apple Big billion boost business computer COVID19 data Day digital facebook Free gadget gadgets google growth internet iPhone Launch Launches market microsoft million News online Pandemic prime programming public raises registration search SEO series software startup tech technology twitter voter website websites
  • Home
  • Advertise Here
  • Contact Us
  • Disclosure Policy
  • Sitemap

Copyright © 2021 whedontube

Design by ThemesDNA.com