DATING WEB SITE Grindr has admitted to an attack that might have exposed its users' photos and details.
A hacker has been able to access Grindr's user database using a simple user ID code instead of proper authentication. The Grindr app, which is used to access its web site, is available for Android, iOS and BlackBerry devices and allows users to search for, chat with and locate gay men.
Grindr said in a blog post, "As a result of Grindr's on-going investigation, we took legal and technological actions to block a site that violated our terms of service. This site impacted a small number of primarily Australian Grindr users and it remains shut down."
This 'small number' of users is more than 100,000, according to The Sydney Morning Herald. The hacker was able to use the same user login code to log in and impersonate users, sending photos, chatting and accessing their data. The problem is also present in Blendr, the version of the app for straight people.
Graham Cluley, senior technology consultant at Sophos, said, "It's an elementary security mistake that we have seen many websites caught out by before, not that that will be any consolation to the romance-hunting users of Grindr and Blendr."
The firm admitted on Twitter that it had been hacked, saying that an update would be released to improve security.
@concupiscentguy we are releasing an update in the next few days— Grindr (@Grindr) January 20, 2012
However, the blog post said, "Our users can be assured that Grindr does not retain chat history, credit card information, or addresses - and no such information was ever compromised."
As well as working to sort out its security itself, Grindr is asking its users to help by reporting suspicious activity to firstname.lastname@example.org. µ