What Is The World Coming To When You Can't Even Trust Your Grindr Account
October 5, 2020
Grindr is one of the leading apps for social networking, chat, and dating for LGBTQ+ individuals and advertises itself as a safe space for people. Is that true? Well, not according to this. You would expect an app that knows critically important life information about you, such as your sexuality and even your HIV status, to take thorough precautions to keep that deeply personal data protected. Instead, Grindr has disappointed with a security vulnerability that could have let anyone who could guess your email address into your user account.
French security researcher Wassime Bouimadaghene first figured out the vulnerability, hopefully before it could be exploited, and it's now been fixed. According to media reports, the company ignored his disclosures until security researcher Troy Hunt of Have I Been Pwned and journalist Zack Whittaker of TechCrunch each verified the issue and blogged about it. To make a long story short: if you entered an email address into Grindr's password reset section, the server would return a message to your web browser with the key you need to reset the password buried inside the HTTP response. You could then just copy and paste that key into a password reset URL and take over any account just like that. From a technical perspective, this is a laughably bad security vulnerability, and it is horrifying to know that even a large, internationally known network can have that sort of flaw.
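The flaw described above, next to a corrected design, as an added example that is not Grindr's code: the vulnerable handler hands the reset key back to whoever submitted the email address, while the hardened one delivers it only to the mailbox and answers every request with the same body. The field name `reset_token`, the in-memory stores and the sample address are assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

USERS = {"alice@example.test"}   # constructed sample account
OUTBOX = []                      # stands in for the outbound mail system
RESETS = {}                      # email -> (sha256 of token, expiry timestamp)
TTL_SECONDS = 15 * 60
GENERIC = {"status": "ok", "message": "If that address is registered, a reset link was sent."}

def digest(token):
    return hashlib.sha256(token.encode()).hexdigest()

def request_reset_vulnerable(email):
    """The flaw: the reset key is returned to the requester's browser."""
    if email not in USERS:
        return {"status": "error", "message": "unknown account"}
    token = secrets.token_urlsafe(32)
    RESETS[email] = (digest(token), time.time() + TTL_SECONDS)
    return {"status": "ok", "reset_token": token}   # hypothetical field name

def request_reset_hardened(email):
    """The key leaves the server only via email to the account owner."""
    if email in USERS:
        token = secrets.token_urlsafe(32)
        RESETS[email] = (digest(token), time.time() + TTL_SECONDS)
        OUTBOX.append((email, token))
    return dict(GENERIC)   # identical body whether or not the account exists

def redeem(email, token, now=None):
    """Expiring, single-use token checked against the stored hash."""
    now = time.time() if now is None else now
    entry = RESETS.get(email)
    if entry is None or now > entry[1]:
        RESETS.pop(email, None)
        return False
    if not hmac.compare_digest(entry[0], digest(token)):
        return False
    del RESETS[email]       # a token works once
    return True

def response_leaks_token(email, response):
    """Regression check: does any string in the response match the live token?"""
    saved = RESETS.get(email)
    return saved is not None and any(
        isinstance(v, str) and hmac.compare_digest(saved[0], digest(v))
        for v in response.values())
```

Running `response_leaks_token` against the reset endpoint's response in an integration test catches a regression of this kind before release.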
The importance of this to the app's users cannot be overstated. Grindr users include gay, bi, trans, and queer people around the world, and the mere presence of the app on a person's phone can indicate something about their sexuality they may not want revealed to the outside world. There are even countries where this info can cause major legal problems. And yet this is the company that was caught sharing its users' HIV status with other companies, and sharing other personal info with third-party marketers. If a company dealing with something as personal as sexuality and health cannot be trusted and can have major privacy holes, then anybody could be at risk anywhere. Always look into your social networking apps' history and security practices. Your social networking usage can ruin your life if you're not careful. Any kind of online dating is already stressful enough from a privacy and safety perspective without introducing really bad security flaws into the mix! Hopefully the world doesn't see this kind of problem pop up again, but somehow it seems certain that we'll see many privacy issues in the future.