A loophole in the code of dating app Grindr is allowing users to see who has blocked their profile.
The vulnerability, involving an ‘invisible list’ of blocked profiles, was uncovered by developer Trever Faden.
The invisible list is made up of user IDs which can be retrieved with relative ease.
Faden has built an online tool called ‘C**kblocked’ which allows users to see who has their profile blocked.
He told PinkNews: “I assume Grindr will shut it down within a week, or patch the API I’m using so that it no longer displays the data, but I figure in the meantime, its interesting data that could spark some silly conversations”.
A range of concerns have been raised about Grindr since it was purchased by Kunlun Group at the start of the year.
Some users fear that their personal data may be accessible by Chinese authorities.
Further, reports from Sweden and Norway have suggested that Grindr is sending data about the HIV status of users internationally and unencrypted.
Read more here.