A major security flaw affecting the dating app Grindr allowed attackers to take over any user’s account, provided they knew or could guess the email address associated with it.
Security researcher Troy Hunt – who runs Were you pwned? – Prof. Transfer A detail of the security vulnerability, which was alerted to it by the security researcher Wassime Bouimadaghene.
The vulnerability enabled the entire account to be hijacked using a simple attack that only required the attacker to enter a valid email address for the target account.
It has since been fixed, but Hunt noted that the nature of access to sensitive information potentially providing attackers was of concern.
All the attacker had to do to initiate this attack was to visit the Grindr Password Reset page, where they could enter the email address of the target account.
After the captcha test is completed on this page, a notification is displayed stating that a password reset link will be emailed to the user.
However, checking the response using browser development tools revealed a password reset code, which can be pasted into a password-reset URL without having to access the password-reset email.
The attacker can then reset the user’s password and use the new credentials to log into the user’s Grindr account through the mobile app.
The information disclosed through this vulnerability includes areas such as age, weight, race, HIV status, and more.
Private messages and other sensitive information like photos will also be exposed due to the attacker taking over the victim’s entire account.
Grindr has since fixed this vulnerability, saying that it believes the issue has been addressed before attackers can exploit it.
“As part of our commitment to improving the safety and security of our services, we are partnering with a leading security company to simplify and improve the ability of security researchers to report problems like this,” Tell TechCrunch.
“Additionally, we will soon announce a new bug bounty program to provide additional incentives to researchers to help us keep our service safe in the future.”
