Huge Grindr security flaws expose user location data
Fresh security flaws have been found with the gay dating app Grindr, according to experts.
Lapses allowed third-party software to discover users’ location data even when they had opted out of sharing it.
The security flaws were discovered by Trevor Faden after he created C*ckblocked, a website that enabled Grindr users to find out who had blocked them.
Related link: C*ckblocked: Grindr has blocked you from seeing who blocked you
In order to take advantage of the feature, users were made to enter their username and password.
Once they had, Mr Faden was able access a large amount of private data, including unread messages, deleted photos and user location data.
Many users choose to have their location data set to public but the app gives people the option to opt out.
However, Mr Faden found that even those who did not want their location shared faced having it discovered by the third-party software.
He told NBC News: “One could, without too much difficulty or even a huge amount of technological skill, easily pinpoint a user’s exact location.” He has now shut down the website.
In a statement to NBC, Grindr confirmed the existence of the security vulnerabilities and said it had closed the loophole which allowed the data to be accessed.
It said: “Grindr moved quickly to make changes to its platform to resolve this issue. Grindr reminds all users that they should never give away their username and password to any third parties claiming to provide a benefit, as they are not authorized by Grindr and could potentially have malicious intent.”
Cooper Quintin, a security researcher at the Electronic Frontier Foundation, also confirmed the flaws, NBC News said.
Related link: Grindr starts sending HIV test reminders to users
He told the broadcaster: “There are a million reasons why you might not want someone to find your location through Grindr, and Grindr is dealing with that as a non-issue.”
PinkNews has contacted Grindr for comment.