Seeking love on the run via gay hookup app Grindr or its sibling Blendr? Your private information is in danger. On Friday the Sydney Morning Herald reported there are major security flaws in both apps and they’ve already been exploited by at least one hacker.
What’s at stake? According to the Herald, “vast amounts of private information traded through the app – in many cases naked photos.” (Translation: your tastefully filtered and soft-focused genital self-portraits could be available via an easy Google Image Search any day now.)
Leveraging Grindr’s links to other social networking sites, the hacker found a way to log into Grindr or Blendr as someone else and impersonate that user at will. And no one is safe:
The vulnerabilities are also present in Blendr, the straight version of the app, according to a security expert who said both apps had “no real security” and were “poorly designed”. Fairfax Media is not aware that Blendr has been hacked but the potential was there, according to the security expert.
Grindr founder and CEO Joel Simkhai addressed the problem in a blog post:
Your security and the security of our platform is a core priority. Like other responsible companies, we don’t comment on specifics of security enhancements or allegations about network issues – that wouldn’t serve the security of our users, our networks, or web security in general. As a result of Grindr’s ongoing investigation, we took legal and technological actions to block a site that violated our terms of service. This site impacted a small number of primarily Australian Grindr users and it remains shut down.
We continuously make improvements to our platform to increase security across our networks. We are releasing a mandatory update to our apps over the next few days to enhance security. When the update is available, users will be notified via in-app messaging, on Twitter and on this blog post. Our users can be assured that Grindr does not retain chat history, credit card information, or addresses – and no such information was ever compromised.
That no chats, street addresses or financial info was compromised may be a relief, but for many users of either app the idea that you could actually be flirting with a trolling hacker who looks like the Comic Book Guy from The Simpsons is probably bad enough.