.png "back to home page")
Login to comment
The bug is now fixed, thanks to @wasbou reporting the issue. @troyhunt and @scott_helme also verified the bug. “This is one of the most basic account takeover techniques I’ve seen." Any who knew where to look could've hijacked a Grindr account in seconds.https://t.co/BeFrrLRN8Z
— Zack Whittaker (@zackwhittaker) October 2, 2020
This vulnerability was definitely a critical issue. Concerning a company the size of Grindr could have such a flaw. https://t.co/0PtHFdRvW8
— Sean Wright (@SeanWrightSec) October 2, 2020
It’s literally copy-paste. “This is one of the most basic account takeover techniques I've seen.” More details on the Grindr vuln by @troyhunt: https://t.co/8PyBH2SOhA
— kyrah (@kyrah) October 3, 2020
So this is bad. https://t.co/zoommh3pYb
— Eva (@evacide) October 2, 2020
Whist we try not to 'over-egg the pudding' in these matters, this was a trivial attack to hack into and fully takeover *any* Grindr account you wanted, it's pretty bad: https://t.co/jp77PqZly2 @troyhunt @wasbou
— Scott Helme (@Scott_Helme) October 2, 2020
New: A major security vulnerability in dating app Grindr allowed anyone with a user's email address to reset their password, hijack their account, and access their private data.https://t.co/yZPgKkF2FU
— Zack Whittaker (@zackwhittaker) October 2, 2020
lol hard to believe this wasn't intentionalhttps://t.co/SmuTYWefp1
— Paul Gold ? (@RealOldPaul) October 3, 2020
apologies to everyone who received my unsolicited nudes during this security breach https://t.co/hdDpyg3Vy0
— Shon (@shonwashed) October 3, 2020
Here's how it worked: A user resets their password, and the password reset token is sent as a clickable link to the user's email. But the token was also leaked to the browser, making it very easy for an attacker to create their own password reset link.
— Zack Whittaker (@zackwhittaker) October 2, 2020
➡️ https://t.co/mupvYuZDSh pic.twitter.com/xlvSKQUFQv
“Grindr has fixed a security vulnerability that allowed anyone to hijack and take control of any user’s account using only their email address.” I wonder how such basic flaws ever make it into prod? https://t.co/XZpOVNEz6j
— kyrah (@kyrah) October 3, 2020
So here's the @Grindr story and how a simple vulnerability found by @wasbou made it trivial to takeover @Scott_Helme's account by copying and pasting a token out of the password reset response page: https://t.co/HCE6O1Vltf
— Troy Hunt (@troyhunt) October 2, 2020
Just blogged: Hacking Grindr Accounts with Copy and Paste https://t.co/IconP1ndsd
— Troy Hunt (@troyhunt) October 2, 2020
lol hard to believe this wasn't intentionalhttps://t.co/SmuTYWefp1
— Paul Gold ? (@RealOldPaul) October 3, 2020
Whist we try not to 'over-egg the pudding' in these matters, this was a trivial attack to hack into and fully takeover *any* Grindr account you wanted, it's pretty bad: https://t.co/jp77PqZly2 @troyhunt @wasbou
— Scott Helme (@Scott_Helme) October 2, 2020
A security flaw in #Grindr let anyone easily hijack user accounts.
— Stéphane Nappo (@StephaneNappo) October 2, 2020
? https://t.co/EYULylCbi5#Infosec #CyberSecurity #CISO #InfoSecurity #socialMedia #DataBreach #DataPrivacy pic.twitter.com/7hwXySWRzD
.@Grindr fixed a bug allowing full takeover of any user account
— Fabrizio Bustamante (@Fabriziobustama) October 3, 2020
By @BleepinComputer https://t.co/M2jLj8So3v#CyberSecurity #Infosec #technology
Cc: @archonsec @todddlyle @PVynckier @fogle_shane @AudreyDesisto @Victoryabro @BillMew @CioAmaro @Corix_JC @_SChmielewski @RagusoSergio pic.twitter.com/jqoRkxnKy1
Grindr fixed a bug allowing full takeover of any user account https://t.co/fNJ3qoyFvc
— Nicolas Krassas (@Dinosn) October 3, 2020
Login to comment
Hacking Grindr Accounts with Copy and Paste https://t.co/mZEArqBgh8
— /r/netsec (@_r_netsec) October 3, 2020
@troyhunt THIS is the best post!!! Have to thank you for making me laugh in 2020, while helping to keep people online safe.
— Carlos Court (@LeButcha) October 3, 2020
Hat tip ? Wassime BOUIMADAGHENE and Scott Helme @Scott_Helme.https://t.co/RdMkd0BFJT
Fuck this is dreadful. I mean, fine, Grindr did the right thing *once* the tweet got some attention (and good for them for raising a bounty programme afterwards) but still... how did not even the most basic developer see this flaw?https://t.co/qoDyKTE0R8
— Chris Ward :: #BlackLivesMatter #TransLivesMatter (@christopherward) October 3, 2020
Grindr has fixed a security vulnerability that allowed anyone to hijack and take control of any user’s account using only their email address.
— Adam Levin (@Adam_K_Levin) October 3, 2020
https://t.co/E4veExYAij
Login to comment