Skip to main content

News: Grindr flaw allowed hackers to take over user accounts at will

Martin Jartelius, CSO at Outpost24
Grindr, the world's largest social networking app for Gay, Bi, Trans, and Queer people, contained a serious flaw in the authentication mechanism for users that allowed cyber criminals to change the passwords of Grindr users at will.

Commenting on the security flaw discovered in Grindr, Martin Jartelius, CSO at Outpost24, said the exploit still requires an attacker to be aware of a victims email, meaning that if you are not known to be a user or if you used an anonymous email sign up which others do not know, you are at a lower risk, but still based on the nature of the application this can be very uncomfortable to users.

"Based on the implications for some users, it could even have posed a threat to security by leveraging information for extorting control. In March 2019 CFIUS Listed Chinese ownership of the application as a national security risk, what we see here is that ownership in and of itself was not the only risk, IT security of the application itself were and continued to be a risk as well," he added.

Read the full article here:

teiss logo Grindr flaw allowed hackers to take over user accounts at will

Looking for anything in particular?

Type your search word here