Grindr, one of the world’s largest dating and social networking apps for gay, bi, trans, and queer people, has fixed a security flaw that allowed anyone to hijack any user’s account knowing only their email address.
Wassime Bouimadaghene, a French security researcher, detected the vulnerability and reported it to Grindr. When he didn’t hear back from the company, Bouimadaghene shared the details of the vulnerability with security expert Troy Hunt for help. The vulnerability was resolved soon afterwards. Hunt, for his part, tested and confirmed the vulnerability using a test account that was set up by Scott Helme.
Bouimadaghene found the vulnerability in the way the application handles account password resets. To reset a password, Grindr sends the user an email containing a clickable link that carries the account’s password reset token. Once the link is clicked, the user can immediately change their password and is allowed back into their account.
Grindr App Data Breach
But Bouimadaghene found that Grindr’s password reset page was leaking password reset tokens to the browser. That meant that anyone who knew a user’s registered email address could trigger a password reset and collect the password reset token from the browser. This was a severe security flaw.
The clickable link in the email that Grindr generates for a password reset is always formatted in the same way. This means that a malicious user can easily craft their own clickable password reset link using the password reset token leaked to the browser. With that crafted link, the malicious user can reset the account owner’s password and gain access to their account and any personal data in it, including account photos, messages, sexual orientation, HIV status and last test date. “This is one of the most basic account takeover strategies I’ve witnessed,” Hunt stated.
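The flaw described above comes down to the reset token reaching the browser of whoever asked for the reset, rather than only the mailbox of the account owner. The following is an added example, not Grindr's code: a minimal reset flow in which the token leaves the server only by email, plus a regression check on the HTTP response. All names (`request_reset`, `redeem_reset`, `outbox`, the sample address, the 15-minute lifetime) are assumptions made for illustration.

```python
import hashlib
import secrets
import time

TOKEN_TTL = 15 * 60               # assumed token lifetime, in seconds
users = {"alice@example.com"}     # constructed sample account store
pending = {}                      # sha256(token) -> (email, expiry time)
outbox = []                       # stands in for the mail system: (email, token)

def digest(token):
    # Only a hash is stored, so a leak of `pending` does not yield usable tokens.
    return hashlib.sha256(token.encode()).hexdigest()

def request_reset(email):
    """Handle a reset request. The token is delivered by email only."""
    if email in users:
        token = secrets.token_urlsafe(32)   # unguessable, from the OS CSPRNG
        pending[digest(token)] = (email, time.time() + TOKEN_TTL)
        outbox.append((email, token))
    # Identical body whether or not the account exists, and never the token.
    return {"status": "ok",
            "message": "If the address is registered, a reset link was sent."}

def redeem_reset(token, now=None):
    """Return the email the token was issued for, or None. Single use."""
    now = time.time() if now is None else now
    entry = pending.pop(digest(token), None)
    if entry is None or now > entry[1]:
        return None
    return entry[0]

def response_leaks_token(response, token):
    """Regression check: True if the token appears anywhere in the response."""
    return token in repr(response)
```

Running `response_leaks_token` against every field of the real reset response in an integration test catches this class of regression before release.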
In a statement, Grindr’s chief operating officer Rick Marini stated: “We are grateful for the researcher who initially identified the vulnerability. The reported issue has been resolved, and thankfully, we believe that we had addressed the issue and vulnerability before any malicious users or parties exploited the application. As a step towards our commitment to improving the safety and security of our service to our followers and users, we are partnering with a leading security firm who would simplify and improve the ability for security researchers to report such issues soon.
Additionally, we will also announce a new bug bounty program soon to provide additional incentives for the researchers to assist us in keeping our app and service secure in future.”
Grindr has a total of around 27 million users, with approximately 3 million users using the app each day. Earlier in 2020, Grindr was sold by its former Chinese owner, Beijing Kunlun, to a Los Angeles-based tech company that is primarily led by Americans. This followed accusations that the company’s Chinese ownership posed a national security threat. In 2019, it was reported that during the period when the application was under Chinese license, Grindr allowed engineers across Beijing to access the personal data of millions of U.S. users, including their private messages and information about their HIV status.