BY ROB SALERNO – Oh noes! Grindr’s been hacked!
The Sydney Morning Herald reports that a hacker in Australia has found a way to log in to anyone’s Grindr account and thus retrieve any personal information and communicate as any user.
This is, apparently, an elementary security lapse that Grindr has announced plans to address with a mandatory update — likely requiring a password to log in — in the coming days.
A blog post from Grindr creator Joel Simkhai explains that chat histories, credit card information and addresses were not compromised because Grindr doesn’t actually store that information; it stays on your phone. The Herald reports that the hack involved the creation of a website that “listed users’ Grindr pseudonyms, passwords, their personal favourites
(bookmarked friends) and allowed them to be impersonated, and thus have messages
sent and received without their knowledge. At one point, the website also
allowed users’ profile pictures to be replaced.” While several people got themselves banned from the app by the hacker after he changed their profile pictures to an explicit pic that violated the company’s terms of service (which some say are fairly prudish), it doesn’t appear that anyone’s personal pictures were stolen via the hack.
Unless, of course, the hacker used someone’s profile to solicit explicit pics from other people.
It’s just another lesson that reinforces that there is no such thing as privacy on the internet, so be careful what you’re sharing.
We’ll let you know when the Grindr security update is released. Or you can follow the company on its Twitter account for more updates.