A popular dating app for gay, Grindr, contains major security vulnerabilities. A malicious hacker managed to priv lwa data to steal users and published it on a website.
According to the Sydney Morning Herald are at least 100,000 of mainly Australian users victim of the vulnerability. A hacker would be on a special website, private of them have been published. It is unclear to what data it is. In total, the app, with some two million users.
The hacker was an abuse of a vulnerability in the app so he could log in as a different user. This he did but one hash-value-to-replace, and then he himself as a other user could occur, and private information could steal. This was, among other things, to photos.
A beveiligingsexpert stated opposite the Sydney Morning Herald that the application very good was protected and that there is hardly any authentication took place. A developed by the same company app for heterosexuals, Blendr, would also be vulnerable, although there is no evidence for.
Grindr is designed for gay and let them make contact with other users who are in the vicinity. The ceo of the company behind Grindr has indicated that it does not on specific vulnerabilities to want to go in, but would have to say that there will be a update is released.