An anonymous spammer has been sending messages through Grindr by the thousands, warning users that they might be endangering themselves, all for the sake of a good time.
This unknown person has been warning people of a security flaw that could allow anyone with some computer and programming knowledge to easily trace their exact location. The unknown user has been sending links to a Twitter account, a YouTube video and a Pastebin text dump explaining the security flaw, specifically targeting users in countries with very stringent anti-gay laws.
The anonymous spammer has sent the message to more than 100,000 users in 70 different countries that have anti-gay laws.
Grindr, an app used by gay and bisexual men to meet up with one another discreetly, could possibly allow users to be targeted for what they have been trying to keep quiet in the first place.
The anonymous author wrote in the Pastebin dump:
“Officials at Grindr have been informed several times within the past months about these issues, which would seem to imply that the concept of ‘social responsibility’ is lost upon Grindr (sic).”
The flaw allows anyone to query Grindr’s servers from three different places and triangulate the information returned. This yields coordinates for a specific user that can be easily overlaid on a map to determine their exact location.
Another flaw was also detailed in the Pastebin, describing how message senders can be spoofed and impersonated. The Pastebin also provided users with specific instructions, including details of Grindr’s messaging protocols and server addresses, to help them protect themselves against these flaws.
“Knowing that Grindr-Users in countries such as these are being put unnecessarily at a high risk should be reason enough for Grindr to change its system,” added the anonymous user.