You would think that a dating application that knows your sexuality and HIV status would take every precaution to protect that information, but Grindr has disappointed the world again, this time with a terrible security vulnerability that could let anyone who can guess your email address into your user account.
Fortunately, the French security researcher Wassim Bouimadaghene found the vulnerability, perhaps even before it was exploited, and it has now been fixed.
Unfortunately for Grindr, the company ignored his disclosures; security researcher Troy Hunt (of Have I Been Pwned) and journalist Zack Whittaker (of TechCrunch) each confirmed the problem and wrote about it.
The details have to be seen to be believed (so check out the image above), but the short version is this: if you put an email address into Grindr's password reset form, it sends a message back to your web browser with the key you need to reset the password buried within it.
You can theoretically copy and paste that key into the password reset URL (which Hunt did) and take over such an account.
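The flaw described above, as an added example that is not Grindr's code: a reset handler that returns the token in its response next to a hardened one that delivers it only to the mailbox, plus a regression check that catches the leak. The function names, the `OUTBOX` list standing in for a mail service, and the sample addresses are assumptions.

```python
import hashlib
import secrets
import time

USERS = {"alice@example.com"}   # constructed sample account
OUTBOX = []                     # stand-in for a mail service (assumption)
RESET_STORE = {}                # email -> (sha256 of token, expiry timestamp)
TOKEN_TTL = 15 * 60             # seconds


def request_reset_vulnerable(email):
    """Flawed pattern: the reset token travels back to whoever asked."""
    if email not in USERS:
        return {"status": "unknown_account"}
    token = secrets.token_urlsafe(32)
    RESET_STORE[email] = (hashlib.sha256(token.encode()).hexdigest(),
                          time.time() + TOKEN_TTL)
    return {"status": "sent", "reset_token": token}   # leaked to the browser


def request_reset_hardened(email):
    """Token goes only to the mailbox; the HTTP response is uniform."""
    if email in USERS:
        token = secrets.token_urlsafe(32)
        RESET_STORE[email] = (hashlib.sha256(token.encode()).hexdigest(),
                              time.time() + TOKEN_TTL)
        OUTBOX.append((email, token))   # out-of-band delivery
    # Same body whether or not the account exists: no token, no enumeration.
    return {"status": "if_account_exists_email_sent"}


def redeem(email, token):
    """Accept a token once, only if it matches the stored hash and is unexpired."""
    record = RESET_STORE.get(email)
    if record is None:
        return False
    digest, expiry = record
    candidate = hashlib.sha256(token.encode()).hexdigest()
    ok = secrets.compare_digest(candidate, digest) and time.time() < expiry
    if ok:
        del RESET_STORE[email]   # single use
    return ok


def response_leaks_token(response, email):
    """Regression check: does any value in the response redeem as a token?"""
    return any(isinstance(v, str) and redeem(email, v) for v in response.values())
```

A check like `response_leaks_token` belongs in the test suite of any reset endpoint, so that a token reappearing in a response body fails the build.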
Grindr COO Rick Marini told TechCrunch, “We hope we faced this problem before it was exploited by any malicious party,” adding that the company will partner with “the leading security company” and introduce a bug bounty scheme. It hopes to have an easier time contacting security researchers like Bouimadaghene.
Again, this is not just any application with a few messages. Grindr's users are gay, bi, trans and queer individuals, and the existence of the app on a person’s phone may indicate something about their sexuality that they do not want to reveal to the outside world. Yet this is the company that was caught sharing the HIV status of its users with other companies, and sharing other personal information with third-party advertisers.
That said, it may be a slightly different company now. This March, the Chinese owners of the company sold it to a group of American investors, who also became Grindr's new management. COO Marini, cited by TechCrunch, is one of the investors in the group. Another, Jeff Bonforte, is the company’s new CEO.