Grindr, a gay-dating app, suffers from security issues that can expose the information of its more than 3 million daily users, including the location data of people who have opted out of sharing such information, according to cybersecurity experts.
The security flaws were identified by Trever Faden after he created a website called C*ckblocked (the asterisk is part of the name of the service), NBC News reported. His website allowed users to see who blocked them on Grindr after they entered their Grindr username and password. Once they did so, Faden was able to see user data that is not publicly available on user profiles, including unread messages, email addresses, deleted photos, and the location data of users.
Grindr makes public the location of many of its users, but allows for users to opt out of this feature. Faden found that he could find the location of users who had opted out if they connected their Grindr profiles through his third-party website.
In a statement issued to NBC News, Grindr said it was aware of the vulnerabilities Faden found and changed its system to prevent access to data regarding blocked accounts. The company did not change access to any of the other data or how its app sends location data openly over the internet and also warned people not to use their Grindr logins for other apps or websites. After Grindr changed its policy on access to data on which users had blocked other users, Faden shut down his website.