A shameful security flaw could have let anyone access your Grindr account
You would think a dating app that knows your sexuality and HIV status would take great precautions to keep that info safe, but Grindr has disappointed the world once again — this time, with a gobsmackingly egregious security vulnerability that could have let literally anyone who could guess your email address into your user account.
Luckily, French security researcher Wassime Bouimadaghene discovered the vulnerability, perhaps before it could be exploited, and it's now been fixed.
Unluckily for Grindr, the company ignored his disclosures — until security researcher Troy Hunt (of Have I Been Pwned) and journalist Zack Whittaker (of TechCrunch) each confirmed the issue and wrote about it.
The details need to be seen to be believed (so please look at the image above), but the short version is this: if you put an email address into Grindr's password reset form, it would send a response back to your web browser with the key you need to reset the password buried inside it.
You could then theoretically just copy and paste that key into a password reset URL (which Hunt did), and take over an account just like that.
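The reset flow described above, as an added illustration that is not Grindr's code and does not reproduce its actual API: a hypothetical reset-request handler that hands the reset key back in its own HTTP response, beside a hardened version that answers identically whether or not the address is registered and delivers the key only by email, stored hashed, single-use and time-limited. The user store, mail outbox and URL are constructed for the example.

```python
import hashlib
import secrets
import time

# Constructed in-memory stand-ins for a user database and an outbound mail
# queue (not Grindr's infrastructure). Token plaintext is never stored.
USERS = {"alice@example.com": {"pw_hash": "<constructed-hash>"}}
RESET_TOKENS = {}     # sha256(token) -> (email, expires_at)
OUTBOX = []           # (recipient, message) pairs the mailer would deliver
TOKEN_TTL_SECONDS = 900


def _issue_token(email):
    token = secrets.token_urlsafe(32)
    digest = hashlib.sha256(token.encode()).hexdigest()
    RESET_TOKENS[digest] = (email, time.time() + TOKEN_TTL_SECONDS)
    return token


def request_reset_vulnerable(email):
    """The class of flaw described above: the reset key is returned to
    whoever submitted the form, so knowing the address is enough."""
    if email not in USERS:
        return {"status": 404, "body": {"error": "unknown user"}}
    return {"status": 200, "body": {"resetToken": _issue_token(email)}}


def request_reset_fixed(email):
    """Hardened form: the key leaves the server only via the channel that
    proves control of the address, and the response is uniform so the
    endpoint cannot be used to enumerate accounts either."""
    if email in USERS:
        token = _issue_token(email)
        OUTBOX.append((email, f"https://app.example/reset?token={token}"))
    return {"status": 200,
            "body": {"message": "If that address is registered, a reset link has been sent."}}


def complete_reset(token, new_pw_hash):
    """Consume a single-use, unexpired token; returns True on success."""
    digest = hashlib.sha256(token.encode()).hexdigest()
    entry = RESET_TOKENS.pop(digest, None)   # pop makes the token single-use
    if entry is None:
        return False
    email, expires_at = entry
    if time.time() > expires_at:
        return False
    USERS[email]["pw_hash"] = new_pw_hash
    return True
```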
Grindr COO Rick Marini told TechCrunch that "we believe we addressed the issue before it was exploited by any malicious parties," and says Grindr will soon partner with a "leading security firm" and introduce a bug bounty program. That should hopefully mean security researchers like Bouimadaghene will have an easier time getting in touch.
Again, this isn't just an app that contains a few messages. Grindr users include gay, bi, trans and queer individuals, and the mere presence of the app on a person's phone can reveal something about their sexuality they may not want revealed to the outside world. And yet this is the company that was caught sharing its users' HIV status with other companies, and sharing other personal info with third-party advertisers.
That said, it might be a slightly different company now. This March, the company's Chinese owners sold it to a group of US investors, who also became Grindr's new management. Marini, the COO quoted by TechCrunch, was one of the investors in the group. Another, Jeff Bonforte, is the company's new CEO.
Source: https://www.theverge.com/2020/10/3/21500447/grindr-copy-paste-security-flaw-user-account