![grindr account grindr account](https://visavit.com/wp-content/uploads/2021/08/capture-20210810-095016-4.png)
Teaching people to trust services like C*ckblocked, Shamas added, could make future attacks with malicious intent more successful. Shamas said while Faden may not have created the site with malicious intent, there are risks when giving login information to third parties. “My response is to tell people to not type anything in and not use it.” “When I saw it, my immediate thought was, ‘This is a very similar social engineering attack to a phishing site,’” Shamas said. Norman Shamas, an independent cyber security consultant, said the initial landing page of C*ckblocked resembled any standard phishing scam. Faden said he did not store their login information. His algorithm took the authentication tokens sent back from Grindr servers, then accessed each user’s metadata to show them who blocked their accounts. By the following Wednesday, nearly 50,000 people had signed on to the service with the emails and passwords they use for their personal Grindr accounts, according to Faden. “LGBTQ folks have vastly different legal standing across countries and continents,” Holmes added.Ĭ*ckblocked - which was neither associated with Grindr nor the Chinese gaming company Beijing Kunlun Tech, which owns a majority stake in Grindr - first went live on Friday, March 16.
![grindr account grindr account](https://pbs.twimg.com/media/EEau_xFXoAAAbTv.jpg)
Holmes said unlike Twitter, which is more public and which is transparent about who has blocked whom, Grindr introduces the additional layer of sexual orientation, and the release of a user's personal information could lead to increased stalking and other forms of sex-based harassment. Homosexuality is illegal in more than 70 nations, and 13 of them implement the death penalty for homosexual acts, according to a 2016 report by the International Lesbian, Gay, Bisexual, Trans and Intersex Association (ILGA). Grindr has users in 234 countries and territories around the world. Location data for Grindr users is particularly sensitive. Two years after the location data was first revealed and addressed by Grindr, security researchers found they were still able to figure out users’ locations. Grindr did make some changes, allowing users to turn off its pinpoint location function and turning off the default location option in countries where gay people face violence and persecution. Grindr’s security issues first came to light in 2014, when security researchers at cybersecurity firm Synack found that Grindr let any user see the profiles and locations of people anywhere in the world. This is not the first time that issues with Grindr’s security around location data has been reported. Two independent cybersecurity researchers, neither affiliated with Faden nor Grindr, backed up Faden's claim.įaden said that he did not share or collect any user data to which he was given access other than telling Grindr users that accessed his website who had blocked them on the app.
![grindr account grindr account](https://delete.wiki/wp-content/uploads/2020/10/Confirm-Account-Deletion-3-860x1536.png)
“One could, without too much difficulty or even a huge amount of technological skill, easily pinpoint a user's exact location," Faden explained. Faden found that he could find the location of users who had opted out if they connected their Grindr profiles through his third-party website. Grindr makes public the location of many of its users, but allows for users to opt out of this feature. Once they did so, Faden was able to gain access to a trove of user data that is not publicly available on user profiles, including unread messages, email addresses, deleted photos, and the location data of users, some of whom have opted to not share their locations publicly.įaden’s website exploited a similar security loophole to the one that leaked the information of 50 million Facebook users through a quiz connected to the social network, highlighting the risk that people face in using existing social media accounts to log in to other services.
![grindr account grindr account](https://gayety.co/wp-content/uploads/2018/06/guy-on-grindr.jpg)
His website allowed users to see who blocked them on Grindr after they entered their Grindr username and password. The security flaw was identified by Trever Faden, CEO of the property management startup Atlas Lane, after he created a website called C*ckblocked (the asterisk is part of the name of the service).