Hacker's Warning: Grindr Bug IDs Users' Exact Locations

by Kilian Melloy

EDGE Staff Reporter

Saturday August 23, 2014

A hacker has sent warning messages to over 100,000 users of the popular hookup app Grindr worldwide, claiming that a flaw in the app allows the exact locations of users to be determined, UK GLBT news site Pink News reported on August 22.

The hacker or hackers behind the claim made an effort to warn users living in countries with anti-gay laws, according to an Aug. 20 posting at tech news site NDTV, the source Pink News referred to.

The party behind the warning messages "claims to have used a secondary flaw to be able to send messages to over 100,000 users in 70 countries with anti-gay laws," NDTV reported. "The messages and posts express concern that Grindr users might be targeted, persecuted or even murdered."

The NDTV post said that the hackers had also posted news of the app's alleged flaw at various social media sites, including YouTube and the text-dump site Pastebin.

One such notification at Pastebin took Grindr to task, claiming, "officials at Grindr have been informed several times within the past months about these issues, which would seem to imply that the concept of 'social responsibility' is lost upon Grindr.... Knowing that Grindr-Users in countries such as these are being put unnecessarily at a high risk should be reason enough for Grindr to change its system."

The Pastebin posting added, "Geo-based (dating) apps use the location of every user to show distances to each other. Using the same process as GPS satellites, it is possible for a malicious entity to perform a lateration[4], sending distance-requests from three different points and using the responses to calculate the exact position of a particular user."

As a result of the flaw, the NDTV report alleges, "With a single click, user profiles are displayed as pins on a map." Moreover, "message senders can be spoofed, and users can be impersonated."

The NDTV report referenced a recent triple homicide in which a perpetrator in Lahore, India, used another hookup app, ManJam, to lure his victims. The killer justified his actions by saying that he wished to counter a "spreading evil in society."

The claim regarding the alleged Grindr security flaw comes in the wake of a string of alleged incidents in which users have reportedly been identified for blackmail or violence. A Seattle man stands accused of using Grindr to identify two murder victims. In Philadelphia, a 25-year-old Grindr user reportedly was killed after meeting in person with someone he'd encountered on the app.

In another incident, Grindr has been named in a lawsuit by a man who claims he was the victim of negligence by Grindr that resulted in his being arrested for meeting up with an underage teen.

Grindr responded to a query from Pink News with an email message, the UK site reported.

"For Grindr users concerned about showing their proximity, we make it very easy for them to remove this option and we encourage them to disable 'show distance' in their privacy settings," the email from Grindr read. "As always, our user security is our top priority and we do our best to keep our Grindr community secure."

Kilian Melloy serves as EDGE Media Network's Associate Arts Editor and Staff Contributor. His professional memberships include the National Lesbian & Gay Journalists Association, the Boston Online Film Critics Association, The Gay and Lesbian Entertainment Critics Association, and the Boston Theater Critics Association's Elliot Norton Awards Committee.

