Male HQ

100K Grindr Users Exposed In Hack Attack


HendryTan


Grindr got hacked. If you are a Grindr user, please read. I will also post Grindr's response below.

----------------------------------------------------------------

Love online: 100,000 Grindr users exposed in hack attack

http://www.smh.com.au/technology/security/love-online-100000-grindr-users-exposed-in--hack-attack-20120119-1q7pf.html

January 20, 2012

A popular "meat-market" smartphone app that spawned a sexual revolution in Australia's gay community has been compromised by a Sydney hacker, potentially exposing intimate personal chats, explicit photos and private information of users.

The location-aware Grindr app enables gay men to meet other gay men who may be just metres away, making use of their smartphone's Global Positioning System (GPS). It had about 100,000 Australian users as of August last year and more than one million users worldwide.

Now a hacker has pushed the app developer into a security crisis that has left its users seriously vulnerable considering the vast amounts of private information traded through the app - in many cases naked photos.

The hacker discovered a way to log in as another user, impersonate that user, chat and send photos on their behalf.

The vulnerabilities are also present in Blendr, the straight version of the app, according to a security expert who said both apps had "no real security" and were "poorly designed". Fairfax Media is not aware that Blendr has been hacked but the potential was there, according to the security expert.

The founder of the apps, Joel Simkhai, conceded both were vulnerable and he was rushing to release a patch to address the issues. He said he had originally been waiting until new architecture was built "within weeks" but was now releasing an update to both apps "over the next few days".

In a telephone interview about the vulnerabilities last Friday he said it was news to him about the potential for text chats to be monitored and claimed the company had never experienced a "major breach" in which a large portion of users were affected.

"We [do] get people trying to hack into our servers," he said. "That's something that I am aware of and we certainly have a team in place that are working to prevent that."

But by Tuesday Mr Simkhai admitted that he was "aware of some vulnerabilities" but he would not talk about them in detail to avoid a hacker exploiting them.

"We are certainly aware of a lot of these vulnerabilities and ... they will be fixed as fast as humanly possible," he said.

He could not say how many people had attempted to take advantage of the vulnerabilities but said a website created by the hacker had exploited some of the flaws in Grindr. That website was shut down after Friday's interview with Fairfax Media after he sought legal action.

The website, registered on July 14 last year, allowed the hacker to search for any Grindr user regardless of their location, and capitalised on the vulnerabilities to offer other services not designed by the apps.

Material seen by this website suggests that a number of Australian users had their Twitter profiles linked to Grindr profiles on the web page, making it easier to find users.

At one point, according to sources who saw the website before it was taken down, it listed users' Grindr pseudonyms, passwords, their personal favourites (bookmarked friends) and allowed them to be impersonated, and thus have messages sent and received without their knowledge. At one point, the website also allowed users' profile pictures to be replaced.

It is understood the hacker changed the profile picture of numerous Sydney Grindr users to explicit images. One user who was targeted confirmed they had been banned due to a perceived terms of service violation.

It is understood the hacker took advantage of the fact the apps used a personalised string of numbers known as a hash, instead of a user name and password, to log in. The hash is exchanged between users' smartphones so they can communicate with each other but the hacker discovered it could be replaced with another user's hash to enable the hacker to:

- Log in as any user

- See the user's favourites

- Change their profile information and profile picture

- Talk to others as the user

- Access pictures sent to the user

- Impersonate a user's "favourite" and talk to them as a friend

A security expert - who did not wish to be named because he didn't have Mr Simkhai's permission to analyse his systems - said that the Grindr and Blendr apps "had no real security".

They are "very poorly designed ... [with] poor session security and authentication", the expert said. "It wouldn't be too hard to secure this."

The security expert demonstrated with permission of a user how he could log in as them and take over the app.

In a statement Mr Simkhai said keeping his platform secure from hackers was a "number one priority".

Using technological means and legal actions his company had "blocked the offending website and hacker".

"We are diligently monitoring for hacking and we've added dedicated IT security specialists to our team," he said. "In the coming weeks, we'll be rolling out a major security upgrade to our platform."

He maintained conversations on the app could not be monitored. "Not only can chat not be monitored, but since we don't store chat history on our servers there is no way anyone can access all past chat history."

If users are concerned about their security they can permanently delete their Grindr or Blendr profile following a number of steps on the company’s website, which involves Grindr manually deleting it through a support request.

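The design weakness the article describes is that a per-user identifier which every peer's phone learns also serves as the login credential, so whoever holds it is treated as that user. The following Python model is an added illustration of that weakness beside the standard fix (a random, server-issued, expiring session token that is never shared with other users, with passwords stored as salted digests); it is not Grindr's code, and the account names, passwords, favourites list and the digest-based `public_id` are constructed for the example.

```python
import hashlib
import hmac
import secrets
import time


# Constructed sample accounts for this example (not real users or real Grindr data).
# Passwords are stored as salted PBKDF2 digests, never in the clear.
def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def _make_account(password: str, favourites: list) -> dict:
    salt = secrets.token_bytes(16)
    return {"salt": salt, "pw_hash": _hash_password(password, salt), "favourites": favourites}


USERS = {
    "alice": _make_account("correct horse", ["bob"]),
    "bob": _make_account("battery staple", []),
}


def public_id(username: str) -> str:
    """Hypothetical per-user identifier that other phones see, modelled here as a
    truncated SHA-256 of the username. It is public by design: every peer learns it."""
    return hashlib.sha256(username.encode()).hexdigest()[:16]


PUBLIC_TO_USER = {public_id(u): u for u in USERS}


class WeakService:
    """Models the weakness the article describes: the identifier exchanged between
    phones is also what the server accepts as proof of identity, so anyone who
    knows a user's id is treated as that user."""

    def get_favourites(self, presented_id: str) -> list:
        user = PUBLIC_TO_USER.get(presented_id)
        if user is None:
            raise PermissionError("unknown id")
        return USERS[user]["favourites"]


class HardenedService:
    """Separates identity from authority: the public id carries no privilege, and
    every privileged call needs a random, server-issued, expiring session token
    that is only ever sent to the server, never to other users."""

    SESSION_TTL = 3600  # seconds

    def __init__(self):
        self._sessions: dict = {}  # token -> (username, expiry timestamp)

    def login(self, username: str, password: str) -> str:
        rec = USERS.get(username)
        # Do the digest work even for unknown users so timing does not reveal which names exist.
        salt = rec["salt"] if rec else b"\x00" * 16
        expected = rec["pw_hash"] if rec else b"\x00" * 32
        if not hmac.compare_digest(_hash_password(password, salt), expected) or rec is None:
            raise PermissionError("bad credentials")
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG, unguessable
        self._sessions[token] = (username, time.time() + self.SESSION_TTL)
        return token

    def _authenticate(self, token: str) -> str:
        entry = self._sessions.get(token)
        if entry is None or entry[1] < time.time():
            self._sessions.pop(token, None)
            raise PermissionError("invalid or expired session")
        return entry[0]

    def get_favourites(self, token: str) -> list:
        # Authorisation derives from the token's bound user, never from a client-supplied id.
        return USERS[self._authenticate(token)]["favourites"]

    def logout(self, token: str) -> None:
        self._sessions.pop(token, None)


if __name__ == "__main__":
    # On the weak design, presenting a public id is enough to read that user's data...
    print("weak:", WeakService().get_favourites(public_id("alice")))
    # ...on the hardened one it is rejected; only a fresh login yields a usable token.
    svc = HardenedService()
    try:
        svc.get_favourites(public_id("alice"))
    except PermissionError as e:
        print("hardened rejected public id:", e)
    token = svc.login("alice", "correct horse")
    print("hardened with session token:", svc.get_favourites(token))
```

The two points a reviewer would check in a real service are the ones `HardenedService` makes explicit: the value sent to other users must carry no authority, and the value that does carry authority must be unguessable, scoped to one account, expirable and revocable on the server.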

http://blog.grindr.com/2012/01/the-importance-of-community-in-keeping-grindr-secure/

The Importance of Community in Keeping Grindr Secure

Posted on January 20, 2012 by grindr

There’s nothing more important to me than our users — we owe our success to our Grindr community who have helped spread the word about their great experiences. Your security and the security of our platform is a core priority. Like other responsible companies, we don’t comment on specifics of security enhancements or allegations about network issues – that wouldn’t serve the security of our users, our networks, or web security in general. As a result of Grindr’s ongoing investigation, we took legal and technological actions to block a site that violated our terms of service. This site impacted a small number of primarily Australian Grindr users and it remains shut down.

We continuously make improvements to our platform to increase security across our networks. We are releasing a mandatory update to our apps over the next few days to enhance security. When the update is available, users will be notified via in-app messaging, on Twitter and on this blog post. Our users can be assured that Grindr does not retain chat history, credit card information, or addresses – and no such information was ever compromised.

While we’re always looking at ways to enhance the Grindr experience and keep our user data secure, we also rely on you, the Grindr community to help us keep Grindr safe. Please report any suspicious incidents that you may come across by emailing review@grindr.com.

Regards,

Joel

Founder & CEO
