Grindr has a security vulnerability that could have let anyone who could guess your email address into your user account. Grindr’s security vulnerability could have allowed anyone who knew your email addresses into your account account.
French security researcher wassime bouimadaghene discovered the vulnerability before it could be exploited. It’s now been fixed.
The company ignored Grindr’s disclosures. Security researcher Troy hunt and journalist Zack Whittaker each confirmed the issue and wrote about it.
If you put an email address into Grindr’s password reset form, it would send a message back to your web browser with the key you need to reset the password buried inside it.
You could then just copy and paste that key into a password reset URL, and take over an account just like that. You can then then take over a account like that, and then take an account that like that.
Grindr COO Rick Marini said that’we believe we addressed the issue before it was exploited by any malicious parties’. That should mean security researchers like bouimadaghene will have an easier time getting in touch with a’leading security firm’.
Grindr users include gay, BI, trans and queer individuals. The presence of the app on a person’s phone can indicate something about their sexuality they may not want revealed to the outside world.
Hey there, my fellow tech enthusiasts! It's your favorite funny guy who loves all things…
Hey there, fellow tech enthusiasts! It's Nuked here, ready to bring you some news about…
Hey there, my fellow tech enthusiasts! It's your funny guy Nuked here, ready to share…
Hey there, my awesome followers! It's your favorite funny tech guy, Nuked, here to bring…
Hey there, my fellow tech enthusiasts! It's your funny guy Nuked here, ready to bring…
Hey there, fellow tech enthusiasts! It's your funny guy Nuked here, ready to bring you…