Hacker Gains Control Of Grindr Accounts In “Major Breach”

At the moment the digital world seems to be a battleground fought over by the law-makers acting in the interests of corporations and companies at risk of substantial financial losses, and the hacktivists representing the everyman, who fight for freedom of speech and the open exchange of information. Then there is a slightly grey(er) area – hacks on networks and other sites that contain the private information of thousands of people. It can’t be argued that you are acting in the interests of the masses if you start peeping into the everyday lives of people.

But this is exactly what has happened with Grindr, a location-aware smartphone app that allows gay men to meet other gay men within the vicinity, making use of the phones’ GPS capabilities. The news in the last week is that the app’s security has been compromised by a Sydney hacker, potentially exposing intimate personal chats, explicit photos and private information of users.

According to the Sydney Morning Herald, the app logs users on with a string of personalised numbers known as a hash instead of a username and password. The hacker discovered that this hash could be replaced with another user’s hash, enabling the hacker to:

- Log in as any user
- See the user’s favourites
- Change their profile information and profile picture
- Talk to others as the user
- Access pictures sent to the user
- Impersonate a user’s “favourite” and talk to them as a friend

An unnamed security expert demonstrated – with the permission of a user – how he could log in as them and take control of their app. Speaking of Grindr, the security expert said that the app has “no real security… very poorly designed … [with] poor session security and authentication… It wouldn’t be too hard to secure this.”
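The design flaw described above, next to one way to close it, as an added example that is not Grindr's code or anything from the original article: the first class treats the per-user hash as the credential, the second requires a password and then issues a random, expiring session token. The class names, the PBKDF2 parameters and the one-hour lifetime are assumptions made for illustration.

```python
import hashlib
import secrets
import time

SESSION_TTL = 3600  # assumed session lifetime in seconds


class WeakServer:
    """'Before': the per-user hash is both the identity and the credential."""

    def __init__(self, profiles):
        self.profiles = profiles  # user_hash -> profile

    def handle(self, user_hash):
        # Whoever presents a hash is treated as that user.
        return self.profiles.get(user_hash)


class SessionServer:
    """'After': the hash only names the account; a secret proves ownership."""

    def __init__(self):
        self.accounts = {}  # user_hash -> (salt, password digest, profile)
        self.sessions = {}  # sha256(token) -> (user_hash, expiry)

    @staticmethod
    def _kdf(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

    def register(self, user_hash, password, profile):
        salt = secrets.token_bytes(16)
        self.accounts[user_hash] = (salt, self._kdf(password, salt), profile)

    def login(self, user_hash, password):
        rec = self.accounts.get(user_hash)
        if rec is None or not secrets.compare_digest(rec[1], self._kdf(password, rec[0])):
            return None
        token = secrets.token_urlsafe(32)  # random, server-issued, per session
        key = hashlib.sha256(token.encode()).hexdigest()  # store only a digest
        self.sessions[key] = (user_hash, time.time() + SESSION_TTL)
        return token

    def handle(self, token, now=None):
        entry = self.sessions.get(hashlib.sha256(token.encode()).hexdigest())
        now = time.time() if now is None else now
        if entry is None or now > entry[1]:
            return None  # unknown or expired token: no access
        return self.accounts[entry[0]][2]
```

With `SessionServer`, knowing another user's hash is no longer enough: a request is served only if it carries a token that the server issued after a successful password check and that has not expired.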

In response to this security breach, Joel Simkhai (the founder of Grindr and Blendr – an equivalent version of the app for heterosexuals) has said: “We are certainly aware of a lot of these vulnerabilities and … they will be fixed as fast as humanly possible.” He went on to add: “We are diligently monitoring for hacking and we’ve added dedicated IT security specialists to our team. In the coming weeks, we’ll be rolling out a major security upgrade to our platform.”

This entry was posted in News by Andrew Robertson.

About Andrew Robertson

I'm Andrew, I work as the Social Media & Marketing Assistant at SocialSafe. I've been writing blogs on here for over two years now, so you'll find pieces from me about anything relating to social media and tech, as well as the changing face of personal data. There's also room for the occasional post on some slightly off-topic stories... just for the sake of variety!!
