Imagine running a dating app and being told accounts could be easily hijacked. How did that feel, Grindr?

3 October 2020

In brief LGBTQ dating site Grindr has squashed a security bug in its website that could have been trivially exploited to hijack anyone’s profile using just the victim’s email address. French bug-finder Wassime Bouimadaghene spotted that when you go to the app’s website and attempt to reset an account’s password using its email address, the site responds with a page that tells you to check your inbox for a link to reset your login details – and, crucially, that response contained a hidden token.

Read full article on The Register

Date:

3 October 2020

Categorie(s):

NEWS

Tag(s):

Grindr, How, Imagine, IT, News

Cyberthreats linked to foreign actors aim to hinder Election Day proceedings5 November 2024
DocuSign’s API used to lure victims into e-signing fake invoices5 November 2024
Schneider Electric ransomware crew demands $125k paid in baguettes5 November 2024
How to Become a Chief Information Officer: CIO Cheat Sheet5 November 2024
Research: Extending corporate life of laptops by just one year can reduce harmful emissions by 25%5 November 2024