Grindr is one of the largest dating and social networking apps for the lesbian, gay, bisexual, transgender and queer community, according to media company TechCrunch. The app recently fixed a security vulnerability that allowed anyone to hijack and take control of any user account using only the account's email address. Wassime Bouimadaghene, a French security researcher, discovered the vulnerability and reported it to Grindr.
The vulnerability was then quickly fixed.
With the help of a test account created by Scott Helme, Hunt tested and identified the vulnerability and shared his findings with TechCrunch.
Bouimadaghene found a vulnerability in the app’s handling of account password resets.
It is understood that when a user asks to reset their password, Grindr sends them an email containing a clickable link that includes an account password reset token. Once the link is clicked, the user can set a new password and regain access to the account.
But Bouimadaghene found that Grindr’s password reset page was exposing the password reset token to the browser. This means that anyone who knows a user’s registered email address can trigger a password reset and collect the reset token from the browser — if they know where to look.
A malicious user could thereby reset the account owner’s password, gain access to the account and read the personal data stored in it — including account photos, profile information, sexual orientation, AIDS status and the date of the last test.
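To make the flaw concrete, here is an added, hypothetical example (not Grindr's code) contrasting a reset endpoint that returns the token to the browser with a hardened one that delivers the token only by email, stores only its hash, and answers identically for registered and unregistered addresses. The user store, token table and outbox are constructed in-memory stand-ins.

```python
import hashlib
import secrets
import time

# Constructed stand-ins for a user database, a reset-token table and the
# outbound email service (hypothetical; not Grindr's implementation).
USERS = {"alice@example.com": {"password_hash": "old-hash"}}
RESET_TOKENS = {}           # sha256(token) -> (email, expiry timestamp)
OUTBOX = []                 # (recipient, token) pairs "sent" by email
TOKEN_TTL = 15 * 60         # seconds a reset token remains valid


def _store_and_mail(email):
    """Generate a token, keep only its hash server-side, mail the plaintext."""
    token = secrets.token_urlsafe(32)
    digest = hashlib.sha256(token.encode()).hexdigest()
    RESET_TOKENS[digest] = (email, time.time() + TOKEN_TTL)
    OUTBOX.append((email, token))
    return token


def request_reset_vulnerable(email):
    """The pattern described in the article: the token that should reach the
    user only through their mailbox is also handed back to the browser, so
    knowing the email address is enough to obtain it."""
    token = _store_and_mail(email)
    return {"status": "ok", "reset_token": token}   # the leak


def request_reset_fixed(email):
    """Hardened form: the browser gets a generic response that does not
    depend on whether the address is registered; the token travels by email only."""
    if email in USERS:
        _store_and_mail(email)
    return {"status": "ok",
            "message": "If that address is registered, a reset link was sent."}


def consume_reset_token(token, new_password):
    """Redeem a token once, within its lifetime; True on success."""
    digest = hashlib.sha256(token.encode()).hexdigest()
    record = RESET_TOKENS.pop(digest, None)   # single use: remove on lookup
    if record is None or record[1] < time.time():
        return False
    email = record[0]
    # sha256 stands in for a real password hash such as argon2 or bcrypt
    USERS[email]["password_hash"] = hashlib.sha256(new_password.encode()).hexdigest()
    return True
```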
“We are grateful to the researchers who discovered the vulnerability,” Grindr CEO Rick Marini said in a statement provided to TechCrunch. “The reported issue has been fixed. Fortunately, we believe this issue was resolved before it was exploited by any malicious elements.”
He continued, “We are committed to improving the security of our services, and we are working with a leading security company to simplify and improve the ability of security researchers to report such issues. In addition, we will soon announce a new Vulnerability Incentive Program that will provide additional incentives for researchers to help us keep our services safe and moving forward.”
Grindr currently has about 27 million users who use the app every day.