A serious security vulnerability in Grindr, the most popular dating app for gay, bi, trans, and queer people, has been discovered, which could have allowed anyone to infiltrate and take over a Grindr account simply by knowing the account holder’s email address.
As well as making it easy for bad actors to impersonate other people, the vulnerability would have given them easy access to potentially highly sensitive information, including the user’s HIV status, intimate pictures, dating history and sexual orientation.
In a blog post explaining how the vulnerability could be exploited, security researcher Troy Hunt described it as “one of the most basic account takeover techniques I’ve seen,” adding that “the ease of exploit is unbelievably low and the impact is obviously significant.”
He flagged the security flaw to Grindr after being tipped off by French security researcher Wassime Bouimadaghene, who had repeatedly tried to warn the company about it,
Marvel’s Avengers has had a tough launch. The game has endeared itself to players with a strong story and a pretty fun post-campaign live game component–even though the two parts didn’t really gel–but it’s been plagued with bugs since its release. With a new update, developer Crystal Dynamics is hoping to clear out the infestation, claiming to address more than 1,000 issues. Some of these are relatively small, while other fixes are for game-breaking bugs.
As Crystal Dynamics notes on the Avengers website, Update 1.3.0 is the first big patch since Avengers’ launch, built in response to bug reports it has received from players on Reddit and elsewhere. The focus is mostly on bugs at this point, with quality-of-life changes coming down the line in later updates. For the time being, though, there are a lot of bugs to patch, ranging from weird graphical issues to major problems.