A hacker has been able to access the database for Grindr’s users using a simple user ID code instead of proper authentication. The Grindr app, used to access its web site, is available for Android, iOS and BlackBerry devices and allows users to search for, chat with and locate gay men.
Grindr said in a blog post, “As a result of Grindr’s on-going investigation, we took legal and technological actions to block a site that violated our terms of service. This site impacted a small number of primarily Australian Grindr users and it remains shut down.”
This ‘small number’ of users is more than 100,000, according to The Sydney Morning Herald. The hacker was able to use the same user login code to log in and impersonate users, sending photos, chatting and accessing their data. The problem is also present in Blendr, the version of the app for straight people.
Graham Cluley, senior technology consultant at Sophos, said, “It’s an elementary security mistake that we have seen many websites caught out by before, not that that will be any consolation to the romance-hunting users of Grindr and Blendr.”
The firm admitted on Twitter that it had been hacked, saying that an update would be released to improve security.
Source: The Inquirer (http://s.tt/15lNT)