Have you ever tried Grindr? If your answer is yes and you've read the headline, your hair will probably stand on end. If you are not sure what this is about, we are going to tell you what happened, because the most famous dating application that currently exists has just endangered the personal data of millions of users around the world. Yes, you read that right.
But let's go step by step. What exactly has happened? A security flaw would have allowed an experienced hacker to gain control of a victim's account, that is, the account of a Grindr user, although in this case we would be talking about thousands and thousands of them. It seems that the problem was located in the login system, which would make it relatively easy for an expert to take over any user's account.
Attackers could log in to Grindr
Experts from TechCrunch have described the characteristics of the flaw. It appears that a vulnerability in Grindr's login system would allow attackers to log into Grindr. All they would need to know is the users' email addresses. Criminals could go to the application's website and, from there, activate the password recovery system, which is available for users who forget their password.
The flaw would make the password change easy, because the token (a security mechanism) would be perfectly accessible through the browser's developer tools. Anyone who knows a little about this could easily break into the password recovery system and eventually gain control of the user's Grindr account.
From there, cybercriminals could also obtain intimate information directly from users, leaving them at their mercy, since they would have absolute control of the account. It should be noted that, as a dating application, Grindr holds very sensitive information about users. One of the most sensitive items is HIV status, an optional field that can be answered very specifically, along with the date of the last test. Not to mention private messages, dates and other preferences of a private nature.
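The reset flaw described above, modelled as an added example that is not Grindr's code: a reset endpoint that returns the token to the requester next to one that delivers it only by email. The class, field names, sample account and 15-minute lifetime are assumptions, as is the detail that the token was visible in the HTTP response.

```python
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60  # assumed lifetime; the article gives none

class ResetService:
    """In-memory model of a password-reset flow (hypothetical, constructed)."""

    def __init__(self):
        self.users = {"alice@example.com": "old-credential"}  # constructed account
        self.pending = {}  # sha256(token) -> (email, expiry); raw token never stored
        self.outbox = []   # stand-in for the mail system: (recipient, token)

    def _issue(self, email):
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).hexdigest()
        self.pending[digest] = (email, time.time() + TOKEN_TTL_SECONDS)
        self.outbox.append((email, token))
        return token

    def request_reset_leaky(self, email):
        # Flawed: the secret meant for the mailbox owner is also returned to
        # whoever sent the request, so it is readable in the browser.
        if email not in self.users:
            return {"status": "unknown"}
        return {"status": "sent", "resetToken": self._issue(email)}

    def request_reset_safe(self, email):
        # Hardened: the token travels only by email, and the response is the
        # same whether or not the address is registered.
        if email in self.users:
            self._issue(email)
        return {"status": "sent"}

    def confirm_reset(self, token, new_credential):
        digest = hashlib.sha256(token.encode()).hexdigest()
        entry = self.pending.pop(digest, None)  # single use
        if entry is None or entry[1] < time.time():
            return False
        self.users[entry[0]] = new_credential
        return True

def leaks_token(service, response):
    """True if a token queued for email also appears in the HTTP response."""
    body = repr(response)
    return any(token in body for _, token in service.outbox)
```

A check like `leaks_token` can run in an integration test against every response of the reset flow, so a token echoed back to the client fails the build.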
This issue has been fixed
Speaking to TechCrunch, Grindr COO Rick Marini explained that the vulnerability was duly reported by the researcher who located it, which has allowed the problem, at this time, to be corrected. The company also considers that, by being alerted quickly, it was able to resolve the incident before any hacker could take advantage of it.
To avoid this type of mishap in the future (it must be remembered that this was not the only breach that has endangered users' private and personal information), the executive said that a rewards program will soon be announced for professionals who want to report incidents, vulnerabilities and service gaps.