Grindr is the latest social media service to get hit by the latest wave of security breaches, reports NBC. The gay hookup app was targeted by a third-party site called C*ckblocked, which exploits a security flaw in the app. C*ckblocked allowed Grindr users to see who blocked them on the app by inputting their username and passwords; once this data was provided, C*ckblocked was able to access users' personal data through the security hole. This data included private messages, identifying info, and GPS location data, even for users who shut off locations services through Grindr.
"One could, without too much difficulty or even a huge amount of technological skill, easily pinpoint a user's exact location," Trevor Faden told NBC. Faden founded C*ckblocked, and insists that while he exploited Grindr's security weakness, he did not share any private data that was collected through the site (other than showing users who blocked them). C*ckblocked has been taken offline.
Grindr confirmed the data breach in a statement to NBC: "Grindr moved quickly to make changes to its platform to resolve this issue. Grindr reminds all users that they should never give away their username and password to any third parties claiming to provide a benefit, as they are not authorized by Grindr and could potentially have malicious intent." Grindr has patched the security flaw that allowed C*ckblock to obtain data, reported Gizmodo. PAPER has reached out to Grindr for comment.
The moral of the story: Do not give out your username and passwords. It doesn't matter if it's a dumb Facebook quiz, a face-swapping meme, or a third-party social media app. Stick to official sites and apps and keep your passwords hidden under a mattress.