Software vulnerabilities plague apps on every platform, but the stakes rise when the app in question handles sensitive personal data, as Grindr does. A French security researcher named Wassime Bouimadaghene found a critical vulnerability in the dating app that allows attackers to hijack accounts simply by knowing the victim's email address.
Wassime tried to file a ticket on Grindr's support page, but the ticket was subsequently deleted. He then contacted two other security researchers to bring attention to the issue. Only after one of them, Troy Hunt, posted about the problem on Twitter did Grindr's own security team get involved.
The vulnerability lies in the "forgot password" flow. An attacker only needs to enter the victim's email address and then open the browser's developer console to read the password reset token. Armed with that token, they can set a new password and take over the account. One of the security researchers called the issue "one of the most basic account takeover techniques."
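As an added illustration (not code from the article, from Grindr, or from the researchers), the following minimal password-reset flow shows the weakness the article describes beside a hardened version. The user store, reset URL and token lifetime are constructed assumptions.

```python
import hashlib
import secrets
import time

# Constructed sample user store (assumption for this example, not real data).
USERS = {"alice@example.com": {"password_hash": "initial-hash"}}
# sha256(token) -> (email, expiry). Storing only a hash means a leaked table
# does not hand out live tokens.
RESET_TOKENS = {}
TOKEN_TTL_SECONDS = 15 * 60  # assumed lifetime


def issue_reset_token(email):
    token = secrets.token_urlsafe(32)  # 256 bits from a CSPRNG
    digest = hashlib.sha256(token.encode()).hexdigest()
    RESET_TOKENS[digest] = (email, time.time() + TOKEN_TTL_SECONDS)
    return token


def vulnerable_forgot_password(email):
    """The pattern the article describes: the reset token is sent back to the
    browser in the API response, so anyone who types in the address can read it
    from the developer console."""
    if email not in USERS:
        # Second weakness: the response reveals whether an account exists.
        return {"ok": False, "error": "unknown account"}
    return {"ok": True, "resetToken": issue_reset_token(email)}


def hardened_forgot_password(email, send_email):
    """The token leaves the server only through the mailbox that owns the
    account, and the response is identical whether or not the address is
    registered."""
    if email in USERS:
        token = issue_reset_token(email)
        send_email(email, f"https://app.example.invalid/reset?token={token}")
    return {"ok": True,
            "message": "If that address is registered, a reset link has been emailed."}


def reset_password(token, new_password):
    """Redeems a token exactly once; unknown or expired tokens are rejected."""
    digest = hashlib.sha256(token.encode()).hexdigest()
    entry = RESET_TOKENS.pop(digest, None)  # pop: single use
    if entry is None:
        return False
    email, expiry = entry
    if time.time() > expiry:
        return False
    salt = secrets.token_bytes(16)
    pw_hash = hashlib.pbkdf2_hmac("sha256", new_password.encode(), salt, 200_000)
    USERS[email]["password_hash"] = salt.hex() + ":" + pw_hash.hex()
    return True
```

The point of the hardened handler is that the only channel carrying the token is the account's email, so possessing the address alone no longer lets anyone complete the reset.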
[Image: Troy Hunt]
“We are grateful for the researcher who identified a vulnerability. The reported issue has been fixed. Thankfully, we believe we addressed the issue before it was exploited by any malicious parties. As part of our commitment to improving the safety and security of our service, we are partnering with a leading security firm to simplify and improve the ability for security researchers to report issues such as these. In addition, we will soon announce a new bug bounty program to provide additional incentives for researchers to assist us in keeping our service secure going forward,” Grindr chief operating officer Rick Marini told TechCrunch.
Mariyan, a tech enthusiast with a background in Nuclear Physics and Journalism, brings a unique perspective to PhoneArena. His childhood curiosity for gadgets evolved into a professional passion for technology, leading him to the role of Editor-in-Chief at PCWorld Bulgaria before joining PhoneArena. Mariyan's interests range from mainstream Android and iPhone debates to fringe technologies like graphene batteries and nanotechnology. Off-duty, he enjoys playing his electric guitar, practicing Japanese, and revisiting his love for video games and Haruki Murakami's works.