#BugAlert: Dating app Grindr risked private user information

Written by Shubham Sharma
Oct 04, 2020, 02:19 pm 2 min read

Popular gay dating app Grindr is drawing flak for a rather careless vulnerability in its service, an issue that risked the privacy and security of millions of people using the platform. It could have compromised private and confidential information of the users, but luckily enough, the team at Grindr patched the loophole before it was exploited. Here is more about it.

Issue
Vulnerability in password reset functionality

The glitch in question, discovered by French security researcher Wassime Bouimadaghene, was tied to the password reset function of Grindr's website. Basically, he found that when you use the password reset option and enter the email of the target, the service sends the reset token required to reset their Grindr password back to the web browser.

Details
Using the key redirected to password reset page

Once the key was delivered, the researcher found, it could easily be added to Grindr's password reset URL, which immediately redirected to the page where the password for the Grindr account associated with the input email could be changed. This means all one needed to completely take over a Grindr account was the email address of the user and the reset URL.
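The flaw described above, next to a hardened form, as an added example that is not Grindr's code or part of the original article. The class, method and field names (`ResetService`, `token`, `outbox`) and the 15-minute lifetime are assumptions made for illustration.

```python
import hashlib
import json
import secrets
import time

TOKEN_TTL = 15 * 60  # assumed token lifetime, in seconds


class ResetService:
    """In-memory stand-in for a password reset backend (hypothetical)."""

    def __init__(self, known_emails):
        self.known = set(known_emails)
        self.pending = {}  # sha256(token) -> (email, expiry); raw token is never stored
        self.outbox = []   # stands in for the mail system: (email, token)

    def _issue(self, email):
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).hexdigest()
        self.pending[digest] = (email, time.time() + TOKEN_TTL)
        self.outbox.append((email, token))  # the mailbox owner is the only recipient
        return token

    def request_reset_flawed(self, email):
        # Pattern the article describes: the secret is echoed to whoever asked.
        if email in self.known:
            return {"status": "sent", "token": self._issue(email)}
        return {"status": "sent"}

    def request_reset_hardened(self, email):
        # Token leaves only by email; the response is identical for any address.
        if email in self.known:
            self._issue(email)
        return {"status": "if the address is registered, a reset link was sent"}

    def redeem(self, token, now=None):
        digest = hashlib.sha256(token.encode()).hexdigest()
        entry = self.pending.pop(digest, None)  # single use
        if entry is None:
            return None
        email, expiry = entry
        current = time.time() if now is None else now
        return email if current <= expiry else None


def response_leaks_token(service, response):
    """Regression check: does any issued token appear in the response body?"""
    body = json.dumps(response)
    return any(token in body for _, token in service.outbox)
```

A check like `response_leaks_token` belongs in the test suite of the reset endpoint, so a token reappearing in a response body fails the build.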

Response
Initially, Grindr kept ignoring the flaw

After discovering the bug, which threatened all Grindr accounts and their data (including sexuality information and HIV status), Wassime reported the issue to the dating company. However, the company kept ignoring the disclosures until Troy Hunt's Have I Been Pwned and TechCrunch publicly revealed the matter through their posts. Now, the issue has been fixed, according to a statement from the company.

Comment
Issue resolved before exploitation: Grindr COO

Speaking on the matter with TechCrunch, Grindr's COO Rick Marini said, "We believe we addressed the issue before it was exploited by any malicious parties." He went on to add that the company will boost its security standards moving ahead through various measures, including partnering with a "leading security firm" and introducing a bug bounty program, where researchers reporting critical issues will be rewarded.

Shubham Sharma
Editor with over five years of experience in covering all things science, consumer tech, space tech, AI, infosec, and business. A commerce graduate from University of Lucknow. I have been handling Tech beat at NewsBytes since 2018.