Grindr Security Flaw Exposes Users’ Restricted Profiles And Location Data

- Friday, April 13 2018 @ 09:22 am
- Contributed by: ElyseRomano
- Views: 112

The dating app world has once again been hit with a privacy scandal. DC-based developer Trevor Faden revealed a sweeping security flaw in Grindr’s code, a glitch he says has the potential to expose sensitive information of more than 3 million daily users.
According to Faden, Grindr attaches a list of restricted profiles to each user’s account to prevent the app from displaying a profile after the user has blocked them. The list would normally remain invisible, but a loophole makes it possible to retrieve the list from Grindr’s code, thereby granting someone access to the names of every account that has blocked them.
Faden launched a website tool called C*ckBlocked that allowed users to retrieve their blocked lists by entering their Grindr username and password. Nearly 50,000 signed up, and once they did so, Faden was able to gain access to a cache of other personal information that is not publicly available on Grindr profiles, including unread messages, email addresses, deleted photos, and location data -- even for users who opted out of making their location public.