Grindr accounts could be easily hacked with an email address.



Security experts disclosed the vulnerability online and reported it to the LGBT dating app.

It allowed full access to a user’s account, including photos, messages, and HIV status.

Grindr said: “Luckily, we think we resolved the problem before it was exploited by any malicious parties.”

The flaw was discovered by French security researcher Wassime Bouimadaghene and reported by security experts Troy Hunt and Scott Helme.

How it worked:

  • To take over an account, the hacker could enter the target’s email address on Grindr’s password-reset page
  • A link was then emailed to the owner allowing them to change their password, but that same link could also be found in the code of the website
  • The hacker could then enter that link into a new page and reset the password of the account
  • This allowed them to control the account and access the private information stored there, including account pictures, messages, sexual orientation, HIV status, and last test date

Grindr chief operating officer Rick Marini told news website TechCrunch: “We’re grateful to the researcher who identified a vulnerability.

“The described issue has been fixed.”

Grindr was working to improve its reporting procedures and incentives for security researchers to flag such problems, Mr. Marini added.

In 2018, the app was criticized for sharing information, including HIV status, with two other companies.

It said the data had been shared to help test and improve the app.
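The reset flow described under "How it worked", as an added example that is not Grindr's code and not from the original article: a toy in-memory reset service showing a handler that echoes the reset token in its response beside one that sends it only by email. The class and method names, the `app.example` URL and the 15-minute lifetime are assumptions, and the hardened path goes beyond the article by also storing only a hash of the token, expiring it, accepting it once, and replying identically for known and unknown addresses.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 15 * 60  # seconds a reset link stays valid (assumed value)
GENERIC_REPLY = {"message": "If that address has an account, a reset link was sent."}

class ResetService:
    """Toy in-memory password-reset backend (hypothetical, for illustration)."""

    def __init__(self, accounts):
        self.accounts = set(accounts)  # known email addresses
        self.pending = {}              # email -> (sha256(token), expiry time)
        self.outbox = []               # stands in for the mail system

    def _issue(self, email, now):
        token = secrets.token_urlsafe(32)  # unguessable, from the OS CSPRNG
        digest = hashlib.sha256(token.encode()).hexdigest()
        self.pending[email] = (digest, now + TOKEN_TTL)  # plaintext is never stored
        self.outbox.append((email, f"https://app.example/reset?token={token}"))
        return token

    def request_reset_vulnerable(self, email, now=None):
        """The flaw as described: the secret also travels back to the requester."""
        now = time.time() if now is None else now
        if email not in self.accounts:
            return {"message": "unknown account"}
        token = self._issue(email, now)
        return {"message": "email sent", "reset_token": token}  # leaked in response

    def request_reset_hardened(self, email, now=None):
        """The token leaves the server only by email; the reply never varies."""
        now = time.time() if now is None else now
        if email in self.accounts:
            self._issue(email, now)
        return dict(GENERIC_REPLY)

    def redeem(self, email, token, now=None):
        """Accept a token once, before expiry, via constant-time hash comparison."""
        now = time.time() if now is None else now
        entry = self.pending.get(email)
        if entry is None or now > entry[1]:
            return False
        candidate = hashlib.sha256(token.encode()).hexdigest()
        ok = hmac.compare_digest(candidate, entry[0])
        if ok:
            del self.pending[email]  # single use
        return ok
```

A regression test for this class of bug is to request a reset and assert that the emailed token appears nowhere in the HTTP response body or headers.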

