Grindr exposes location of 3 million daily users
Huge security flaws in gay-dating app Grindr have left the exact location of its more than 3 million daily users exposed. Anyone with the app installed on their phone can be easily tracked — even users who have made their location private — according to a new report from NBC Out.
Thanks to a loophole not unlike the one that allowed Cambridge Analytica researcher Aleksandr Kogan to scrape the data of millions of Facebook users, any third-party site or app authorized by one Grindr user was able to obtain the personal info of all related users.
Facebook isn't the only platform making data available to irresponsible third parties.
The issue was first noticed by Trever Faden, the CEO of an unrelated property management company Atlas Lane, who took advantage of the lax security settings in order to create the purposefully-asterisked website “C*ckblocked.” Ostensibly, C*ckblocked’s sole purpose was to show Grindr users who blocked them, however, the site had the ever-so-slightly problematic side effect of leaving millions of Grindr users’ data exposed for essentially anyone to see.
“One could, without too much difficulty or even a huge amount of technological skill, easily pinpoint a user's exact location," the site’s creator told NBC.
Though Grindr updated its policy on third-party access to data after NBC pointed out the vulnerability — which resulted in C*ckblocked being shut down — the app did not fix any of the underlying security issues that allowed easy access to its users’ exact location, which will likely pose serious problems for Grindr users in countries where homosexuality is illegal.