Grindr, one of the world’s largest dating and social networking apps for gay, bi, trans, and queer people, has fixed a security vulnerability that allowed anyone to hijack and take control of any user’s account using only their email address.
Wassime Bouimadaghene, a French security researcher, found the vulnerability and reported the issue to Grindr. When he did not hear back, Bouimadaghene shared details of the vulnerability with security specialist Troy Hunt to help.
The vulnerability was fixed a short time later.
Hunt tested and confirmed the vulnerability with help from a test account set up by Scott Helme, and shared his findings with TechCrunch.
Bouimadaghene found the vulnerability in how the app handles account password resets.
To reset a password, Grindr sends the user an email with a clickable link that contains an account password reset token. Once clicked, the user can change their password and is allowed back into their account.
But Bouimadaghene found that Grindr’s password reset page was leaking password reset tokens to the browser. That meant anyone who knew a user’s registered email address could trigger the password reset and collect the password reset token from the browser if they knew where to look.
The clickable link that Grindr generates for a password reset is formatted the same way, meaning a malicious user could easily craft their own clickable password reset link (the same link that was sent to the user’s inbox) using the leaked password reset token from the browser.
With that crafted link, the malicious user can reset the account owner’s password and gain access to their account and the personal data stored within, including account photos, messages, sexual orientation, and HIV status and last test date.
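The flaw and its fix in miniature, as an added example that is not Grindr's code: `ResetService`, its method names, the `resetToken` response field and the 15-minute lifetime are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 15 * 60  # seconds; constructed value for this example
GENERIC = {"status": "If that address is registered, a reset email has been sent."}

def _sha256(token):
    return hashlib.sha256(token.encode()).hexdigest()

class ResetService:
    """Hypothetical reset flow; users maps email -> account dict."""
    def __init__(self, users, mailer):
        self.users = users
        self.mailer = mailer   # callable(email, token): the mailbox is the only token channel
        self.pending = {}      # email -> (sha256 of token, expiry time)

    def _issue(self, email):
        token = secrets.token_urlsafe(32)
        # Store only a hash, so a database read does not yield usable tokens.
        self.pending[email] = (_sha256(token), time.time() + TOKEN_TTL)
        self.mailer(email, token)
        return token

    def request_reset_leaky(self, email):
        # The flaw described above: the response to whoever asked carries the
        # same secret that was mailed, so mailbox ownership is never proven.
        if email not in self.users:
            return dict(GENERIC)
        return {"status": "sent", "resetToken": self._issue(email)}

    def request_reset(self, email):
        # Hardened: the token leaves only through the mailer, and the reply is
        # identical whether or not the address is registered.
        if email in self.users:
            self._issue(email)
        return dict(GENERIC)

    def confirm_reset(self, email, token, new_password):
        digest, expiry = self.pending.get(email, ("", 0.0))
        if time.time() > expiry:
            self.pending.pop(email, None)   # expired or never issued
            return False
        if not hmac.compare_digest(digest, _sha256(token)):
            return False
        del self.pending[email]             # single use
        salt = secrets.token_bytes(16)
        key = hashlib.pbkdf2_hmac("sha256", new_password.encode(), salt, 600_000)
        self.users[email]["password"] = (salt, key)
        return True
```

A regression test that asserts the mailed token never appears in any HTTP response body is the cheapest guard against this class of bug returning.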
“This is one of the most basic account takeover tactics I’ve found,” Hunt wrote.
In a statement, Grindr’s chief operating officer Rick Marini told TechCrunch: “We are grateful for the researcher who recognized a vulnerability. The claimed issue has been fixed. Luckily, we consider we resolved the concern before it was exploited by any malicious parties.”
“As part of our motivation to increasing the protection and safety of our assistance, we are partnering with a top protection organization to simplify and enhance the ability for safety scientists to report issues such as these. In addition, we will shortly announce a new bug bounty program to deliver supplemental incentives for scientists to support us in keeping our company protected going forward,” the company said.
Grindr has about 27 million users, with about 3 million using the app every day. Grindr was sold earlier this year by its former Chinese owner, Beijing Kunlun, to a Los Angeles-based company said to be led mostly by Americans, following accusations that the company’s Chinese ownership constituted a national security threat.
Last year, it was reported that while under Chinese ownership, Grindr allowed engineers in Beijing access to the personal data of tens of millions of U.S. users, including their private messages and HIV status.
You can send tips securely over Signal and WhatsApp to +1 646-755-8849 or send an encrypted email to: email@example.com