Commenting on the security flaw discovered in Grindr, Martin Jartelius, CSO at Outpost24, said the exploit still requires an attacker to be aware of a victims email, meaning that if you are not known to be a user or if you used an anonymous email sign up which others do not know, you are at a lower risk, but still based on the nature of the application this can be very uncomfortable to users.
"Based on the implications for some users, it could even have posed a threat to security by leveraging information for extorting control. In March 2019 CFIUS Listed Chinese ownership of the application as a national security risk, what we see here is that ownership in and of itself was not the only risk, IT security of the application itself were and continued to be a risk as well," he added.
Read the full article here:
Grindr flaw allowed hackers to take over user accounts at will