Home / Apple / Grindr errors allowed account hijacking with only one email address

Grindr errors allowed account hijacking with only one email address



While Grindr quickly resolved the issue after hearing from Hunt, the incident highlighted the platform’s shortcomings in terms of security. And it’s a big problem when the dating app targets individuals whose sexual orientations and identities can make them a target for harassment and violence. This is not the first security issue Grindr has had to deal with. Back in 2018, it had a couple of errors that risked revealing the user’s location. Earlier this year, the Consumer Council published a report accusing Grindr and other dating services of spreading sensitive information, such as GPS locations.

Grindr boss Rick Marini told TechCrunch that in response to the discovery of this particular flaw, it is taking further steps to tighten security measures. It makes it easier for researchers to report vulnerabilities, and it promises to announce a new bug bounty program “soon.”

;

“We are grateful to the researcher who identified a vulnerability. The reported issue has been resolved. Fortunately, we believe we addressed the issue before it was exploited by malicious parties.

As part of our commitment to improving the safety and security of our service, we work with a leading security firm to simplify and improve the ability of security researchers to report issues such as these. In addition, we will soon announce a new bug bounty program to provide additional incentives for researchers to help us secure our service going forward. ”


Source link