According to the Sydney Morning Herald, a security vulnerability has been discovered that allows hackers to access the user names and passwords for members of Grindr, a location-based mobile app for gay users.
“The bug, discovered by an unnamed Australian hacker, allows unauthorized users to exploit the app’s sign-in feature — which asks for a password hash rather than a password or user name — to access members’ profiles, view and share their explicit photos and impersonate them to send chat messages,” writes SecurityNewsDaily’s Matt Liebowitz.
“With more than half-a-million registered users, Grindr, a free app for Android, iPhone and Blackberry launched in 2009, makes use of a smartphone’s GPS to display a grid of all the men in the vicinity based on location,” Liebowitz writes. “The grid includes the user’s picture and how far away he is; tapping on a picture displays a brief profile (name and personal details), with the option to chat, send photos or share location.”
For regular security news updates, follow eSecurityPlanet on Twitter: @eSecurityP.