
Grindr fixes vulnerability that let hackers easily hijack accounts


Photo: Leon Neal (Getty Images)

The popular LGBT+ hook-up app Grindr has fixed a glaring security flaw that allowed hackers to take over any account if they knew the user’s registered email address, PJDM reports.

Wassime Bouimadaghene, a French security researcher, initially uncovered the vulnerability in September. But after he shared his discovery with Grindr and was met with radio silence, he decided to team up with Australian security expert Troy Hunt, a regional director at Microsoft and the creator of the world’s largest database of stolen usernames and passwords, Have I Been Pwned?, to draw attention to an issue that put Grindr’s more than 3 million daily active users at risk.

Hunt shared these findings with the outlet and on his website Friday, explaining that the problem stemmed from Grindr’s process for letting users reset their passwords. Like many social media sites, Grindr uses account password reset tokens, a single-use, machine-generated code to verify that the person requesting a new password is the owner of the account. When a user asks to change their password, Grindr sends them an email with a link containing the token that, once clicked, lets them reset their password and regain access to their account.

However, Bouimadaghene discovered a serious issue with Grindr’s password reset page: Instead of only sending the password reset token to a user’s email, Grindr also leaked it to the browser. “That meant anyone could trigger the password reset who had knowledge of a user’s registered email address, and collect the password reset token from the browser if they knew where to look,” PJDM reports.

In short, just by knowing the email address a user had associated with their Grindr account, a hacker could easily create their own clickable password reset link using the leaked token and hijack the account, gaining immediate access to a user’s pictures, messages, HIV status, and more.
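The flaw described above, sketched server-side next to a hardened version. This is an added example, not Grindr's code: the function names, the `resetToken` field, the in-memory stores, the 15-minute lifetime and the sample address are all assumptions, and the uniform response and hashed token storage go slightly beyond what the article covers.

```python
import hashlib
import secrets
import time

TOKEN_TTL = 15 * 60             # assumed token lifetime, in seconds
USERS = {"alice@example.test"}  # constructed sample account
RESET_TOKENS = {}               # sha256(token) -> (email, expiry); raw token never stored
OUTBOX = []                     # stand-in for the mail system: (recipient, token)


def _issue_token(email):
    """Create a random single-use token and 'email' it to the account owner."""
    token = secrets.token_urlsafe(32)
    digest = hashlib.sha256(token.encode()).hexdigest()
    RESET_TOKENS[digest] = (email, time.time() + TOKEN_TTL)
    OUTBOX.append((email, token))
    return token


def request_reset_leaky(email):
    """Flawed pattern: the secret is echoed back to the anonymous caller."""
    if email not in USERS:
        return {"status": "unknown account"}
    return {"status": "sent", "resetToken": _issue_token(email)}


def request_reset_hardened(email):
    """The token leaves the server only via the owner's mailbox, and the
    response is identical whether or not the address is registered."""
    if email in USERS:
        _issue_token(email)
    return {"status": "if the address is registered, a reset link was sent"}


def redeem(token):
    """Single-use redemption: remove the token on first lookup, then check expiry."""
    digest = hashlib.sha256(token.encode()).hexdigest()
    entry = RESET_TOKENS.pop(digest, None)
    if entry is None:
        return None
    email, expiry = entry
    return email if time.time() < expiry else None


def response_leaks_token(response):
    """Regression check: does any token that was mailed out appear in the response?"""
    body = repr(response)
    return any(token in body for _, token in OUTBOX)
```

A check like `response_leaks_token` belongs in the API's test suite, so that a reset endpoint that starts returning the token again fails the build.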

Hunt confirmed the vulnerability after setting up a test account with fellow security researcher Scott Helme. In his post Friday, Hunt called it “one of the most basic account takeover techniques I’ve seen.”

“I can’t fathom why the reset token—which should be a secret key—is returned in the response body of an anonymously issued request,” he continued. “The ease of exploit is unbelievably low and the impact is obviously significant, so clearly this is something to be taken seriously.”

And yet, it wasn’t. According to his post, Bouimadaghene reached out to Grindr’s support team on Sep. 24 and walked them through the potential account takeover process. A company representative told him that Grindr’s developers had been notified of the issue and flagged his ticket as “resolved.” When Bouimadaghene followed up over the course of the next few days, he was met with silence.

After testing and confirming the vulnerability, Hunt tagged Grindr in a tweet on Thursday asking for contact information for the company’s security team. The vulnerability was quickly resolved after he got in touch.

Grindr didn’t immediately respond to Gizmodo’s request for comment, but the company’s chief operating officer Rick Marini provided the following statement to PJDM:

“We’re grateful for the researcher who identified a vulnerability. The reported issue has been fixed. Thankfully, we believe we addressed the issue before it was exploited by any malicious parties. As part of our commitment to improving the safety and security of our service, we’re partnering with a leading security firm to simplify and improve the ability for security researchers to report issues such as these. In addition, we will soon announce a new bug bounty program to provide additional incentives for researchers to assist us in keeping our service secure going forward.”

You’d think that, given Grindr’s history of security headaches, the company would have learned by now to be more aware of reported vulnerabilities. In 2018, Grindr was forced to acknowledge that it shared information on users’ HIV status with third-party companies for optimization purposes following a damning Buzzfeed investigation. Grindr later said it had stopped the practice. Earlier this year, the app’s former owner, Beijing Kunlun Tech, sold Grindr to a Los Angeles-based company after a U.S. national security panel raised concerns about the China-based company.




Alyse Stanley