The location-aware Grindr app enables gay men to meet other gay men who may be just metres away, making use of their smartphone's Global Positioning System (GPS). It had about Australian users as of last year and more than one million users worldwide.
Now a hacker has pushed the app developer into a security crisis that has left its users seriously vulnerable considering the vast amounts of private information traded through the app - in many cases photos.
The hacker discovered a way to log in as another user, impersonate that user, chat and send photos on their behalf. The vulnerabilities are also present in Blendr, the straight version of the app, according to a security expert who said both apps had "no real security" and were "poorly designed". Fairfax Media is not aware that Blendr has been hacked but the potential was there, according to the security expert.
The founder of the apps, Joel Simkhai, conceded both were vulnerable and he was rushing to release a patch to address the issues. He said he had originally been waiting until new architecture was built "within weeks" but was now releasing an update to both apps "over the next few days".
In a telephone interview about the vulnerabilities last Friday he said it was news to him about the potential for text chats to be monitored and claimed the company had never experienced a "major breach" in which a large portion of users were affected. He could not say how many people had attempted to take advantage of the vulnerabilities but said a website created by the hacker had exploited some of the flaws in Grindr.
That website was shut down after Friday's interview with Fairfax Media after he sought legal action. The website, registered on July 14 last year, allowed the hacker to search for any Grindr user regardless of their location, and capitalised on the vulnerabilities to offer other services not designed by the apps.
Material seen by this website suggests that a number of Australian users had their Twitter profiles linked to Grindr profiles on the web page, making it easier to find users. At one point, according to sources who saw the website before it was taken down, it listed users' Grindr pseudonyms, passwords, their personal favourites friends and allowed them to be impersonated, and thus have messages sent and received without their knowledge.
At one point, the website also allowed users' profile pictures to be replaced. It is understood the hacker changed the profile picture of numerous Sydney Grindr users to images.
One user who was targeted confirmed they had been banned due to a terms of service violation. It is understood the hacker took advantage of the fact the apps used a personalised string of numbers known as a hash, instead of a user name and password, to log in.
The hash is exchanged between users' smartphones so they can communicate with each other but the hacker discovered it could be replaced with another user's hash to enable the hacker to: