Grindr Hacked: 100,000 Users Exposed
Grindr: Popular Gay Hookup App Hacked
iPhone/Android/BlackBerry gay cruising app Grindr was hacked, and 100,000 Australian users' details were compromised.
The hacker was able to exploit a security loophole and grant himself elevated admin permissions. He could log in as other Grindr users, see all the photos they had received, and communicate with the rest of the Grindr ecosystem under a false identity: either that of the compromised user or that of the user's friends.
This is doubly problematic: not only are Grindr users' identities compromised within the app ecosystem, but not all of them are openly gay. There's a risk that the info gleaned from the Grindr hack could out some men who are in the closet. Imagine if a politician gets outed because of Grindr. Actually, that is not unprecedented.
Grindr users' info was pasted to a public-facing website, which has since been taken down, but the horse has fled the barn. Information online is like toxic waste: once it's released, it pretty much lives forever.
Is Blendr Safe?
Users of Blendr (the straight version of Grindr) are wondering if their accounts are safe. Sorry, but they are not. Blendr has the same vulnerabilities as Grindr.
The founder of the apps, Joel Simkhai, conceded both were vulnerable and said he was rushing to release a patch to address the issues. He said he had originally been waiting until new architecture was built "within weeks" but was now releasing an update to both apps "over the next few days".
A third-party security expert described Grindr's and Blendr's security as basically worthless. Grindr has roughly a million worldwide users.