LGBTQ+ community targeted by extortionists who threaten to publish nudes

The FTC Federal Trade Commission has warned the LGBTQ+ community about extortionists posing as potential romantic partners on Grindr and Feeld. The scammers send their targets explicit photos and then ask for them to reciprocate. If they do, targets are then blackmailed into paying a ransom,...

Watch out! Tinder and Grindr users targeted by cruel scammers using real abuse photos

A horrible catfishing scam is using real abuse photos in order to lure in unsuspecting victims on sites like Tinder and Grindr. Recently unearthed by Bleeping Computer, it works like this: Boy meets good-looking girl on dating site. The longer they talk, boy notices the conversation turning into ...

A week in security (Dec 13 – 19)

Last week on Malwarebytes Labs: Spear phish, whale phish, regular phish: What’s the difference? Kronos crippled by ransomware, service may be out for weeks 5 security lessons from 18 months of working from home What SMBs can do to protect against Log4Shell attacks After Log4j, December’s Patch...

Grindr fined for selling user data to advertisers

Dating network Grindr has been slapped with a US$7.7 million fine by Norwegian regulator Datatilsynet for sharing data with advertisers. Grindr—which call itself the worlds largest social networking app for gay, bi, trans, and queer people—sold data which includes GPS, IP address, age, and gender...

De-anonymization Story

This is important: Monsignor Jeffrey Burrill was general secretary of the US Conference of Catholic Bishops USCCB, effectively the highest-ranking priest in the US who is not a bishop, before records of Grindr usage obtained from data brokers was correlated with his apartment, place of work,...

$12m Grindr fine shows GDPR’s got teeth

As thoughts turn to Data Privacy this week in a big way, GDPR illustrates it isnt an afterthought. Grindr, the popular social network and dating platform, will likely suffer a $12 million USD fine due to privacy related complaints. What happened here, and what are the implications for future case...

Several Unpatched Popular Android Apps Put Millions of Users at Risk of Hacking

A number of high-profile Android apps are still using an unpatched version of Google's widely-used app update library, potentially putting the personal data of hundreds of millions of smartphone users at risk of hacking. Many popular apps, including Grindr, Bumble, OkCupid, Cisco Teams, Moovit,...

Grindr's Bug Bounty Pledge Doesn't Translate to Security

SAS@Home 2020– After a Grindr security flaw was disclosed this week, the dating site promised it would launch a bug-bounty program in an effort to “keep its service secure.” But Katie Moussouris, CEO of Luta Security and a bug bounty program expert, warned at this week’s SAS@home virtual event th...

Paying Evil Corp Ransomware Might Land You a Big Federal Fine

Plus: A Grindr bug, a Joker explosion, and more of the week's top security news...

Apps on smartphones are selling and sharing our location data 24/7

By Waqas It's no surprise that the apps we download on our smartphones are tracking our movements and also transferring the information to third parties without our consent. Last year it was Google caught collecting location data of Android users even if their device's location service was off th...

Gay dating app Grindr shared user HIV & location data with third-parties

By Waqas Grindr shared personal, HIV and geolocation-related data with two of This is a post from HackRead.com Read the original post: Gay dating app Grindr shared user HIV & location data with third-parties...

Grindr - Gay chat, meet & date - Customized SSL, Dangerous filesystem permissions, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application Grindr - Gay chat, meet & date published at the 'play' market has multiple vulnerabilities...

Grindr v2.1.1 iOS & Account System - Breach Attack Vulnerability

Document Title: =============== Grindr v2.1.1 iOS & Account System - Breach Attack Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1420 Release Date: ============= 2015-05-03 Vulnerability Laboratory ID VL-ID:...

Grindr for iOS Edit Configuration Document Display Name Denial of Service Vulnerability

Grindr for iOS is GPS based mobile app. Grindr for iOS suffers from an input validation vulnerability in the handling of Display Name when editing configuration options, which allows remote attackers to exploit the vulnerability to inject multiple terminator strings and conduct denial of service...

Grindr for iOS /user/success redirect_url parameter open redirect vulnerability

Grindr for iOS is GPS based mobile app. An open redirect vulnerability exists in the Grindr for iOS /user/success handling of the redirecturl parameter, which allows an attacker to construct a malicious URI, trick the user into parsing it, and redirect the user to an arbitrary WEB site for a...

Grindr for iOS Multiple Parameter Handling Email Address Operation Vulnerability

Grindr for iOS is GPS based mobile app. An input validation vulnerability exists in Grindr for iOS that fails to properly filter the email and oldemail parameters, which allows remote attackers to exploit the vulnerability to inject malicious script or HTML code that can be used to gain access to...

Grindr for iOS Session Token Remote Password Manipulation Vulnerability

Grindr for iOS is GPS based mobile app. A security vulnerability in the Grindr for iOS reset password feature allows attackers to exploit the vulnerability to intercept session tokens, change email values, and reset passwords...

Grindr 2.1.1 Breach Attack

Document Title: =============== Grindr v2.1.1 iOS & Account System - Breach Attack Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1420 Release Date: ============= 2015-05-03 Vulnerability Laboratory ID VL-ID:...

Grindr Bug Bounty - Denial of Service Vulnerability

Document Title: =============== Grindr Bug Bounty - Denial of Service Vulnerability References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1490 Video: https://www.youtube.com/watch?v=tqc5IacqXA Release Date: ============= 2015-05-05 Vulnerability Laboratory ID VL-ID:...

Grindr v2.1.1 iOS Bounty #1 - (Session) Auth Bypass Vulnerabilities

Document Title: =============== Grindr v2.1.1 iOS Bounty 1 - Session Auth Bypass Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1419 Release Date: ============= 2015-05-04 Vulnerability Laboratory ID VL-ID:...