Friday, October 2, 2020
Grindr Vulnerability Allowed Takeover With Just Email Address
 
 A now-fixed security vulnerability on the app of Los Angeles-based Grindr would allow a hacker to take over control of any of the site's users, requiring only knowing a user's address. According to a security researcher, the bug--now fixed--was a result of a "password reset token" leak issue with Grindr's website. The vulnerability is not the first for Grindr, which had a widely publicized location information leak last year. Security vulnerability are not uncommon with online services and apps.
A now-fixed security vulnerability on the app of Los Angeles-based Grindr would allow a hacker to take over control of any of the site's users, requiring only knowing a user's address. According to a security researcher, the bug--now fixed--was a result of a "password reset token" leak issue with Grindr's website. The vulnerability is not the first for Grindr, which had a widely publicized location information leak last year. Security vulnerability are not uncommon with online services and apps.