Grindr Security Flaw Puts Users at Risk of Being Hacked

by Kevin Schattenkirk

EDGE Media Network Contributor

Thursday October 8, 2020

A security flaw in the gay dating app Grindr was recently discovered, putting user accounts at risk of being taken over by malicious actors, TechCrunch reports.

The vulnerability in the app was discovered by French security researcher Wassime Bouimadaghene. Essentially, the problem for users occurred during password reset — when Grindr would email users a clickable link with an account password reset token. At this point, a user could change their password.

However, the password reset tokens were leaked to the browser. As a consequence, hackers who knew the email address a user had registered with Grindr could find and collect the tokens. By formatting a clickable reset link in the exact fashion of Grindr's, malicious actors could then use the password token collected from the unknowing user's browser. This would allow malicious actors access to personal data from the unknowing user's Grindr account, including sexual orientation, HIV status, photos and messages.
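The class of flaw described above, sketched as an added example that is not Grindr's code or part of the original report: a reset handler that returns the token in its response, beside a hardened handler and a regression check that the emailed token never appears in the response body. The service class, field names, URL and the 900-second lifetime are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import secrets
import time

TOKEN_TTL = 900  # seconds a reset link stays valid (assumed value)

class ResetService:
    """Hypothetical in-memory reset flow used only for this illustration."""

    def __init__(self):
        self.accounts = {"user@example.test"}   # constructed sample account
        self.pending = {}                       # email -> (sha256(token), expiry)
        self.outbox = []                        # stands in for mail delivery

    def _issue(self, email):
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).hexdigest()
        self.pending[email] = (digest, time.time() + TOKEN_TTL)
        self.outbox.append((email, "https://app.example.test/reset?token=" + token))
        return token

    def request_reset_leaky(self, email):
        # Flawed pattern: the secret meant only for the inbox is also
        # returned to whoever submitted the address.
        return {"status": "sent", "resetToken": self._issue(email)}

    def request_reset(self, email):
        # Hardened: the token travels only by email, and the response is
        # identical whether or not the address is registered.
        if email in self.accounts:
            self._issue(email)
        return {"status": "If the address is registered, a link was sent."}

    def redeem(self, email, token):
        entry = self.pending.pop(email, None)   # one attempt, single use
        if entry is None:
            return False
        digest, expiry = entry
        supplied = hashlib.sha256(token.encode()).hexdigest()
        return hmac.compare_digest(digest, supplied) and time.time() < expiry

def response_leaks_token(svc, response):
    """Regression check: does any emailed token appear in the response body?"""
    body = json.dumps(response)
    return any(link.split("token=", 1)[1] in body for _, link in svc.outbox)
```

Running `response_leaks_token` against every response of a reset endpoint in a test suite catches this kind of leak before release.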

Grindr's chief operating officer Rick Marini issued a statement to TechCrunch saying the app will partner with a security firm to further protect users and their data from malicious hacking.

Kevin Schattenkirk is an ethnomusicologist and pop music aficionado.