Grindr has fixed a major security defect in order to secure the dating platform. The platform is one of the largest dating networks for gay, bisexual, lesbian, transexual, and queer people.
The defect allowed hackers to take control of a user’s account using only their email address.
The defect was identified by a French security researcher, who found the vulnerability and reported the issue to Grindr. The issue was fixed a short time later.
The defect was identified as hackers could request to reset a Grindr password, and could then obtain access to the new password, provided they knew the user’s email address.
In a statement, Rick Marini, Chief Operations Officer at Grindr, told TechCrunch: “We are grateful for the researcher who identified a vulnerability. The reported issue has been fixed. Thankfully, we believe we addressed the issue before it was exploited by any malicious parties.”
“As part of our commitment to improving the safety and security of our service, we are partnering with a leading security firm to simplify and improve the ability for security researchers to report issues such as these. In addition, we will soon announce a new bug bounty program to provide additional incentives for researchers to assist us in keeping our service secure going forward.”.
Grindr has over 27 million users, three million of which are active. The platform was sold last year by previous owners, Beijing Kunlun, to a Los Angeles based company, following accusations that the company’s owners were a ‘national security threat’.
Last year, it was reported that while under Chinese ownership, Grindr allowed engineers in Beijing access to the personal data of millions of U.S. users, including their private messages and HIV status.
Read more here.