Grindr security flaw exposes its users' locations

In March 2018, Trever Feden, the CEO of a property management startup, exposed a flaw in the gay-dating app Grindr that opened access to the location data and other information about its more than 3 million daily users. A website Faden set up allowed Grindr users to see who was blocking them after entering their Grindr name and password. Providing that information, however, also gave Faden access to user data that is not accessible via user profiles, including unread messages, email addresses, and deleted photos - as well as location data even for those who have elected not to share that information publicly. Grindr responded by changing its system to prevent access to the list of blocked accounts, and warned people not to use their Grindr logins for third-party apps and websites. The flaw is believed to be similar to the one that allowed Cambridge Analytica to collect user data from Facebook. Grindr has had security issues with location data since 2014; it is particularly sensitive because Grindr has users in 234 countries - but in more than 70 of them homosexuality is illegal.

https://www.nbcnews.com/feature/nbc-out/security-flaws-gay-dating-app-grindr-expose-users-location-data-n858446 and 

Writer: Brian Latimer

Publication: NBC News