Grindr Security Flaw Allowed Account Takeovers via Email Address

Grindr, the world’s leading dating and social networking app for LGBTQ+ communities, recently patched a critical security vulnerability that enabled attackers to hijack any user’s account using just their email address.

How the Vulnerability Worked

French security researcher Wassime Bouimadaghene discovered the flaw in Grindr’s password reset system:

  • The app would generate password reset tokens sent via email
  • These tokens were simultaneously leaked to the browser
  • Attackers could intercept the tokens without accessing the victim’s email
  • Using the token, they could craft a password reset link and take over accounts

Password reset token leak
Image showing leaked password reset tokens (Credit: Troy Hunt)

Severity of the Security Flaw

Security expert Troy Hunt, who verified the vulnerability, called it “one of the most basic account takeover techniques I’ve seen.” The breach could have exposed:

  • Private messages and photos
  • Sexual orientation data
  • HIV status and last test dates
  • Other sensitive personal information

Grindr’s Response and Fix

After being alerted to the issue, Grindr promptly addressed the vulnerability. Chief Operating Officer Rick Marini stated:

“We are grateful for the researcher who identified a vulnerability. The reported issue has been fixed. Thankfully, we believe we addressed the issue before it was exploited by any malicious parties.”

The company also announced plans to:

  1. Partner with a leading security firm
  2. Improve vulnerability reporting processes
  3. Launch a bug bounty program

Context: Grindr’s Security History

This incident follows previous security concerns surrounding the app:

  • 2020: Sold by Chinese owner Beijing Kunlun due to national security concerns
  • 2018: Reports of Chinese engineers accessing sensitive US user data

With 27 million users worldwide (3 million daily active users), Grindr handles significant amounts of sensitive personal data, making robust security measures essential.

For security tips or vulnerability reports, contact TechCrunch’s security team via encrypted channels.

πŸ“š Featured Products & Recommendations

Discover our carefully selected products that complement this article’s topics:

πŸ›οΈ Featured Product 1: Gubbe Rasmia Icon Sl Top – Black B White

Gubbe Rasmia Icon Sl Top – Black B White Image: Premium product showcase

Premium quality gubbe rasmia icon sl top – black b white designed for professional use with excellent performance and reliability.

Key Features:

  • Cutting-edge technology integration
  • Streamlined workflow optimization
  • Heavy-duty construction for reliability
  • Expert technical support available

πŸ”— View Product Details & Purchase

πŸ›οΈ Featured Product 2: Leyla Polo – Nosegay

Leyla Polo – Nosegay Image: Premium product showcase

Carefully crafted leyla polo – nosegay delivering superior performance and lasting value.

Key Features:

  • Industry-leading performance metrics
  • Versatile application capabilities
  • Robust build quality and materials
  • Satisfaction guarantee and warranty

πŸ”— View Product Details & Purchase

πŸ’‘ Need Help Choosing? Contact our expert team for personalized product recommendations!

Remaining 0% to read
All articles, information, and images displayed on this site are uploaded by registered users (some news/media content is reprinted from network cooperation media) and are for reference only. The intellectual property rights of any content uploaded or published by users through this site belong to the users or the original copyright owners. If we have infringed your copyright, please contact us and we will rectify it within three working days.