The popular gay hookup app Grindr admitted Friday that a recent hack completely exposed users’ accounts, including personally identifying information, ongoing conversations and photographs, many of which contain explicit nudity.
Grinder, a smartphone app immensely popular in the gay community for helping to facilitate sexual encounters with random strangers, has over 3 million users worldwide.
A hacker in Australia learned how to gain access to the location-aware app and log in as any of the users, according to The Sydney Morning Herald. The attack gave the intruder access to all the information in each users’ account, and even enabled the hacker to monitor ongoing chats and communicate with other users while impersonating a member.
The same hack also worked on the straight version of Grindr, known as Blendr, but the paper noted that the network’s owners had no indication that Blendr was hacked. Grindr creator Joel Simkhai told reporter Ben Grubb that the apps would be patched in the coming days.
The promise of a forthcoming patch isn’t likely to appease Grindr’s massive user base, many of whom could now be quite literally exposed to whomever gained access to their personal information. Grindr did not say whether any of the information was downloaded, and the hacker responsible hasn’t come forward.
A security researcher who spoke to The Sydney Morning Herald reportedly said that Grindr and Blendr had “no real security” built in, although the developers insist that they do not store users’ chat logs, so at least users’ prior communications were not exposed.