Grindr’s Bug Bounty Pledge Doesn’t Translate to Security

6 October 2020

SAS@Home 2020– After a Grindr security flaw was disclosed this week, the dating site promised it would launch a bug-bounty program in an effort to “[keep its] service secure.” But Katie Moussouris, CEO of Luta Security and a bug bounty program expert, warned at this week’s SAS@home virtual event that simply launching a bug-bounty program won’t result in better security. The Grindr bug, which allowed attackers to launch password resets without accessing a user’s email inbox, made news headlines as it was extremely trivial to exploit.

Read full article on Threat Post

Date:

6 October 2020

Categorie(s):

NEWS

Tag(s):

Bugcrowd, CISA, Governments, Grindr, HackerOne

Canada arrests suspected hacker over breach of 160+ Snowflake users’ data6 November 2024
Cyberthreats linked to foreign actors aim to hinder Election Day proceedings5 November 2024
DocuSign’s API used to lure victims into e-signing fake invoices5 November 2024
Schneider Electric ransomware crew demands $125k paid in baguettes5 November 2024
How to Become a Chief Information Officer: CIO Cheat Sheet5 November 2024