Grindr fixes issue that let hackers easily hijack accounts

Illustration for article titled Serious Grindr Vulnerability Let Hackers Hijack User Accounts With Just an Email Address

Photo: Leon Neal (Getty Images)

The popular LGBT+ hook-up app Grindr has fixed a glaring security flaw that allowed hackers to take over any account if they knew the user’s registered email address, TechCrunch reports.

Wassime Bouimadaghene, a French security researcher, originally uncovered the vulnerability in September. But after he shared his discovery with Grindr and was met with radio silence, he decided to team up with Australian security expert Troy Hunt, a regional director at Microsoft and the creator of the world’s largest database of stolen usernames and passwords, Have I Been Pwned?, to draw attention to an issue that put Grindr’s more than 3 million daily active users at risk.

Hunt shared these findings with the outlet and on his website Friday, explaining that the problem stemmed from Grindr’s process for letting users reset their passwords. Like many social media sites,

Read More
Read More

A security flaw in Grindr let anyone easily hijack user accounts

Grindr, one of the world’s largest dating and social networking apps for gay, bi, trans, and queer people, has fixed a security vulnerability that allowed anyone to hijack and take control of any user’s account using only their email address.

Wassime Bouimadaghene, a French security researcher, found the vulnerability and reported the issue to Grindr. When he didn’t hear back, Bouimadaghene shared details of the vulnerability with security expert Troy Hunt to help.

The vulnerability was fixed a short time later.

Hunt tested and confirmed the vulnerability with help from a test account set up by Scott Helme, and shared his findings with TechCrunch.

Bouimadaghene found the vulnerability in how the app handles account password resets.

To reset a password, Grindr sends the user an email with a clickable link containing an account password reset token. Once clicked, the user can change their password and is allowed back into

Read More
Read More

Why Warren Buffett’s way of beating the market will not be easily repeated

If you’re hoping that you’ll be the next Warren Buffett, I have some bad news for you.



Warren Buffett, Rebecca Quick standing in front of a crowd: Warren Buffett walks through the exhibit hall as shareholders gather to hear from the billionaire investor at Berkshire Hathaway's annual meeting in 2019. A new book lays out the reasons why Buffett's method of market success is increasingly hard to replicate, even for Buffett himself.


© Provided by CNBC
Warren Buffett walks through the exhibit hall as shareholders gather to hear from the billionaire investor at Berkshire Hathaway’s annual meeting in 2019. A new book lays out the reasons why Buffett’s method of market success is increasingly hard to replicate, even for Buffett himself.

If you’re hoping to pay an investment professional to outperform the market to the same extent that Buffett did, I’ve got more bad news.

Loading...

Load Error

Buffett, CEO of Berkshire Hathaway and one of the greatest investors of all time, was a very rare bird. Active managers — i.e. professional stock pickers — are constantly claiming that they can outperform market benchmarks like the S&P 500, but they almost never do, particularly over periods of time that go beyond three or more years.

That’s

Read More
Read More