We all know that software vulnerabilities are a common problem that plagues applications on every platform imaginable. Things get more complicated when we talk about sensitive apps like Grindr, for example. A French security researcher named Wassime Bouimadaghene found a serious flaw in a dating app, which allows hackers to easily hijack accounts using victims’ email, and Wassime tried to file a ticket on Grindr’s support page but was later deleted. The Frenchman then contacted two other security researchers in order to shed light on the case. Only after someone (Troy Hunt) posted about the issue on Twitter did Grindr’s private security team get involved.
The vulnerability exploits the “forgot password” scenario. The attackers just need to enter the victim’s email and then open the developer console to obtain the “password reset” code. Armed with it, they can easily change the password and hijack the account. One security researcher described this problem as “one of the simplest account acquisition techniques.”
Photo – Troy Hunt
“We are grateful to the researcher who identified a weakness. The reported issue has been fixed. Fortunately, we believe we addressed the issue before it could be exploited by any malicious parties. As part of our commitment to improving the safety and security of our services, we partner with a leading security company to simplify and improve the ability of security researchers to report such issues. Additionally, we will soon announce a new bug bounty program to provide additional incentives to researchers to help us keep our service safe in the future. ” Rick Marigny, Grindr’s Chief Operating Officer said TechCrunch.
Subtly charming zombie buff. Amateur analyst. Proud tvaholic. Beer fanatic. Web expert. Evil troublemaker. Passionate internet maven. Gamer. Food evangelist.