Latest in Services

Image credit:

Grindr security flaws risk exposing users' location data

The company behind the gay dating app say they've fixed one exploit, but another remains.
David Lumb, @OutOnALumb
March 29, 2018
Share
Tweet
Share

Sponsored Links

Leon Neal via Getty Images

Two security issues could expose personal data for up to 3 million users of the gay dating app Grindr, according to an NBC OUT report. In the first, a website letting users log in with their Grindr credentials got wide-ranging access to data that isn't publicly available. This includes that user's unread messages, email addresses, deleted photos and real-time location -- even if they've opted out of publicly sharing the latter. But the second simply intercepts unencoded location data going from the app to servers, allowing anyone observing that user's internet traffic to pinpoint their position.

Trever Faden originally discovered the first flaw after creating the website C*ckblocked (asterisk intentional) to scrape data from anyone who logged in with their Grindr username and password. The second would let anyone monitoring web traffic observe the location-pings the Grindr app sends to its servers -- and while that's a creepy thing to do anywhere (like, say, over public Wi-Fi), it's also something that anti-gay governments or groups could use to peek at anyone who might use the service.

We've reached out to Grindr for comment and will add when we hear back. The company assured NBC OUT that the C*ckblock flaw had been fixed (the site was shut down anyway), but the second exploit reportedly remains.

In this article: services
All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
Tweet
Share

Popular on Engadget

Engadget's 2020 Back-to-School Guide

Engadget's 2020 Back-to-School Guide

View
You can pre-order Microsoft's Surface Duo foldable phone today

You can pre-order Microsoft's Surface Duo foldable phone today

View
A 'GoldenEye 007' fan remake is dead after a cease and desist demand

A 'GoldenEye 007' fan remake is dead after a cease and desist demand

View
Android-plus-Windows could be just what dual-screen devices need

Android-plus-Windows could be just what dual-screen devices need

View
Microsoft's Surface Duo will cost $1,399 and arrive on September 10th

Microsoft's Surface Duo will cost $1,399 and arrive on September 10th

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr