The private photos and personal information of thousands of Grindr users have reportedly been compromised by a Sydney-based hacker who used vulnerabilities in the app to impersonate other users — chatting and sending photos on their behalf.
The app has about 100,000 users in Australia, with the bulk of those living in Sydney.
The hacker published user information he had obtained on a website, which would have let other people take over the accounts. The site has since been taken down after legal threats from Grindr.
The Star Observer understands that users who had their Grindr accounts linked to third-party websites such as Twitter were more vulnerable.
The hacker reportedly changed the profile pictures of a number of Sydney Grindr users to explicit images, leading some to be banned for perceived terms-of-service violations.
It is understood the hacker took advantage of the fact that the app used a personalised string of numbers, known as a hash, instead of a username and password to log in.
Anyone who is concerned that their privacy may have been violated can request that Grindr delete their account by contacting them through their website.
Grindr will roll out a major security update in the coming days.
Grindr CEO Joel Simkhai told the Star Observer, “Like other responsible companies, we don’t comment on specifics of security enhancements or allegations about network issues – that wouldn’t serve the security of our users, our networks, or web security in general.”
“[But] As a result of Grindr’s ongoing investigation, we took legal and technological actions to block a site that violated our terms of service. This site impacted a small number of primarily Australian Grindr users and it remains shut down. Blendr users were not affected by this.”
“We continuously make improvements to our platform to increase security across our networks. We are releasing a mandatory update to our apps over the next few days to enhance security. When the update is available, users will be notified via in-app messaging, on Twitter and on the Grindr blog.”
“Our users can be assured that Grindr does not retain chat history, credit card information, or addresses – and no such information was ever compromised.”