NewsBytes
    Hindi Tamil Telugu
    More
    In the news
    Narendra Modi
    Amit Shah
    Box Office Collection
    Bharatiya Janata Party (BJP)
    OTT releases
    Hindi Tamil Telugu
    NewsBytes
    User Placeholder

    Hi,

    Logout

    India
    Business
    World
    Politics
    Sports
    Technology
    Entertainment
    Auto
    Lifestyle
    Inspirational
    Career
    Bengaluru
    Delhi
    Mumbai

    Download Android App

    Follow us on
    • Facebook
    • Twitter
    • Linkedin
    Home / News / Technology News / #BugAlert: Dating app Grindr risked private user information
    Next Article
    #BugAlert: Dating app Grindr risked private user information

    #BugAlert: Dating app Grindr risked private user information

    By Shubham Sharma
    Oct 04, 2020
    02:19 pm

    What's the story

    Popular gay dating app Grindr is drawing flak for a rather careless vulnerability in its service, an issue that risked the privacy and security of millions of people using the platform.

    It could have compromised private and confidential information of the users, but luckily enough, the team at Grindr patched the loophole before it was exploited.

    Here is more about it.

    Issue

    Vulnerability in password reset functionality

    The glitch in question, discovered by French security researcher Wassime Bouimadaghene, tied to the password reset function of Grindr's website.

    Basically, he found that when you use the password reset option and enter the email of the target, the service sends a reset token required to reset their Grindr password back to the web browser.

    Details

    Using the key redirected to password reset page

    Once the key is delivered, the researcher found, it could easily be added to the Grindr's password reset URL, which immediately redirected to the page where the password for the Grindr account associated with the input email could be changed.

    This means all one needed to completely take over a Grindr account was the email address of the user and the reset URL.

    Response

    Initially, Grindr kept ignoring the flaw

    After discovering the bug, which threatened all Grindr accounts and their data (including sexuality information and HIV status), Wassime reported the issue to the dating company.

    However, the company kept ignoring the disclosures until the Troy Hunt's Have I Been Pwned and TechCrunch publicly revealed the matter through their posts.

    Now, the issue has been fixed, according to a statement from the company.

    Comment

    Issue resolved before exploitation: Grindr COO

    Speaking on the matter with TechCrunch, Grindr's COO Rick Marini said "We believe we addressed the issue before it was exploited by any malicious parties."

    He went on to add that the company will boost its security standards moving ahead through various measures, including partnering with a "leading security firm" and introducing a bug bounty program, where researchers reporting critical issues will be rewarded.

    Facebook
    Whatsapp
    Twitter
    Linkedin
    Related News
    Latest
    Security
    TechCrunch
    HIV

    Latest

    Virat Kohli owns over 700 IPL runs against SRH: Stats Virat Kohli
    Ram Charan's 'Peddi' shoot is 30% done AR Rahman
    'Housefull 5' trailer set for grand launch next week  Abhishek Bachchan
    Know Salman Khan, was invited, says woman arrested for trespassing Salman Khan

    Security

    Hacker flags Safari vulnerabilities, wins Rs. 57 lakh from Apple Apple
    Zoom creates 'security council' to fight data privacy concerns Facebook
    Zoom will let customers choose data centers for routing calls United States of America
    Five lakh Zoom accounts are being sold on dark web Zoom

    TechCrunch

    Soon, Facebook might launch LOL meme app for teens Facebook
    Facebook secretly paid teens to access their messages, browsing history Facebook
    SBI data leaked: Millions of customers' information exposed from server State Bank of India (SBI)
    SBI Data Leak: What can you do to stay protected? India

    HIV

    Indian-origin prof gets $2mn-grant for research on lupus in women United States of America
    #HealthBytes: What to do if you had unprotected sex? Health & Wellness
    HIV-infected people can find a life partner through this website India
    #KnowTheDisease: Everything you need to know about HIV and AIDS Health & Wellness
    Indian Premier League (IPL) Celebrity Hollywood Bollywood UEFA Champions League Tennis Football Smartphones Cryptocurrency Upcoming Movies Premier League Cricket News Latest automobiles Latest Cars Upcoming Cars Latest Bikes Upcoming Tablets
    About Us Privacy Policy Terms & Conditions Contact Us Ethical Conduct Grievance Redressal News News Archive Topics Archive Download DevBytes Find Cricket Statistics
    Follow us on
    Facebook Twitter Linkedin
    All rights reserved © NewsBytes 2025