News
Grindr security flaw exposes user location data
the breach put more than three million daily users at risk
(Logo courtesy of Grindr)
More than three million of Grindr’s daily users were temporarily put at risk because of a major security flaw in the app that was exposed by a third-party site.
C*ckblocked, a now-defunct site that allowed Grindr users to view who blocked them by entering a Grindr user name and password, was able to access user information from Grindr’s Application programming interface (API). The information included email addresses, deleted photos, personal messages and the location of users.
Trever Faden, founder of C*ckblocked, told NBC that it would be easy for anyone to access a user’s private information.
“One could, without too much difficulty or even a huge amount of technological skill, easily pinpoint a user’s exact location,” Faden told NBC.
In a separate security issue, Faden claimed that Grindr users’ location, which must be inputed directly into the app and not via a third-party site, was not encoded and could be accessed by anyone monitoring public online traffic.
Faden emphasized that the ability to find a user’s location was “a feature, not a bug.”
NBC reports that two independent cybersecurity researchers confirmed the security flaw.
After Faden informed Grindr of the security issues, Grindr blocked the flaw that allowed third-party sites like C*ckblocked to receive data.
Grindr released a statement advising users not to use their username and password for other sites.
“Grindr moved quickly to make changes to its platform to resolve this issue. Grindr reminds all users that they should never give away their username and password to any third parties claiming to provide a benefit, as they are not authorized by Grindr and could potentially have malicious intent,” the statement reads.
However, Grindr denied that user location isn’t encoded.
“Grindr is a location-based app. Location is a critical element of our social network platform. This allows our users to feel connected to our community in a world that would seek to isolate us. That said, all information transmitted between a user’s device and our servers is encrypted and communicated in a way that does not reveal your specific location to unknown third parties,” Grindr’s Chief Technology Officer Scott Chen told the Huffington Post.
The company also released a statement on Twitter to inform users that the problems have been addressed and to be safe using their service.
As a company that serves the LGBTQ community, we understand the delicate nature of our users’ privacy. Ensuring safety and security of our users is of paramount importance to us and will continue to be our top priority. pic.twitter.com/vD2zXqxSr0
— Grindr (@Grindr) March 29, 2018
The flaw is similar to the one in the Facebook/Cambridge Analytica scandal, which allegedly exposed the personal data of 50 million users.
District of Columbia
Layoffs and confusion at Pride Center of Maryland after federal grants cut, reinstated
Trump administration move panicked addiction and mental health programs
By ALISSA ZHU | After learning it had abruptly lost $2 million in federal funding, the Pride Center of Maryland moved to lay off a dozen employees, or about a third of its workforce, the Baltimore nonprofit’s leader said Thursday.
The group is one of thousands nationwide that reportedly received letters late Tuesday from the Trump administration. Their mental health and addiction grants had been terminated, effective immediately, the letters said.
By Wednesday night, federal officials moved to reverse the funding cuts by the Substance Abuse and Mental Health Services Administration, estimated to total $2 billion, according to national media reports. But the Pride Center of Maryland’s CEO Cleo Manago said as of Thursday morning he had not heard anything from the federal government confirming those reports.
The rest of this article can be read on the Baltimore Banner’s website.
The Comings & Goings column is about sharing the professional successes of our community. We want to recognize those landing new jobs, new clients for their business, joining boards of organizations and other achievements. Please share your successes with us at [email protected].
Congratulations to Vida Rangel, JD/MPP on her promotion to Deputy Director of the Mayor’s Office of Talent and Appointments. Rangel is now the highest-ranking transgender official in the history of District government. On accepting the position Rangel said, “I am proud to step into this leadership role and to continue serving my communities. Our District is full of passionate and knowledgeable people who are committed to public service, and it is an honor to help them explore opportunities to serve their neighbors.”
Rangel has previously served in this office as Director of Operations. Prior to this as Bargaining Committee Chair, Organizing Committee, NCTE United, Nonprofit Professional Employees Union IFTPE Local 70. As Policy Counsel, National Center for Transgender Equality; and Elizabeth Warren for President, lead organizer, Illinois 4th Congressional District. She has worked with, and served on boards of, The Black & Pink National, Federal City Performing Arts Assoc., and LAGBAC.
Rangel earned her bachelor’s in sociology from Sam Houston State University; master’s of Public Policy from Loyola University, Chicago; and Juris Doctor, Loyola University, Chicago.
Congratulations also to James Conlon new PFLAG vice president of Development & Philanthropic Partnerships. Upon his appointment Conlon said, “It is an absolute privilege to join PFLAG National and lead their Development & Philanthropic Partner team into a new era. Right now, LGBTQ+ people and their families are terrified of what the future might bring, and PFLAG must continue to be there. My job is to ensure PFLAG strongly endures and thrives, because never has there been a clearer time for our community to unite in fighting for the dignity and well-being of every LGBTQ+ person.”
Brian Bond, CEO, PFLAG National, said, “At a time when PFLAG National programs and participation in them have grown significantly, even as corporate giving has left a $1.3M gap in our funding, James is a critical new addition to the team. With his vast expertise, James will drive our growth and ensure that PFLAG continues meeting the needs of families and communities across the country.”
Conlon is a seasoned fundraiser who has spent extensive time working with advocates, supporters, and leaders, of the LGBTQ+ movement to understand how to effectively support the community. He began his career as an intern in the Massachusetts State House. He has helped raise more than $60 million for critical causes and candidates. Prior to joining PFLAG James oversaw LGBTQ+ investments and fundraising, with the Democratic National Committee (DNC). Prior to that he served in the same role for Harris-Walz 2024, and additionally served in senior fundraising positions for the Senate Majority PAC, as well as for Representatives Josh Gottheimer, and Conor Lamb.
Conlon earned his bachelor’s degree in political science and government from the University of Massachusetts, Amherst.
District of Columbia
D.C.’s annual MLK Peace Walk and Parade set for Jan. 19
LGBTQ participants expected to join mayor’s contingent
Similar to past years, members of the LGBTQ community were expected to participate in D.C.’s 21st annual Martin Luther King Jr. Day Peace Walk and Parade scheduled to take place Monday, Jan. 19.
Organizers announced this year’s Peace Walk, which takes place ahead of the parade, was scheduled to begin at 10:30 a.m. at the site of a Peace Rally set to begin at 9:30 a.m. at the intersection of Firth Sterling Avenue and Sumner Road, S.E., a short distance from Martin Luther King Jr. Avenue.
The Peace Walk and the parade, which is scheduled to begin at 11 a.m. at the same location, will each travel along Martin Luther King Jr. Avenue a little over a half mile to Marion Barry Avenue near the 11th Street Bridge where they will end.
Japer Bowles, director of D.C. Mayor Muriel Bowser’s Office of LGBTQ Affairs, said he and members of his staff would be marching in the parade as part of the mayor’s parade contingent. In past years, LGBTQ community members have also joined the mayor’s parade contingent.
Stuart Anderson, one of the MLK Day parade organizers, said he was not aware of any specific LGBTQ organizations that had signed up as a parade contingent for this year’s parade. LGBTQ group contingents have joined the parade in past years.
Denise Rolark Barnes, one of the lead D.C. MLK Day event organizers, said LGBTQ participants often join parade contingents associated with other organizations.
Barnes said a Health and Wellness Fair was scheduled to take place on the day of the parade along the parade route in a PNC Bank parking lot at 2031 Martin Luther King Jr. Ave., S.E.
A statement on the D.C. MLK Day website describes the parade’s history and impact on the community.
“Established to honor the life and legacy of Rev. Dr. Martin Luther King, Jr., the parade united residents of Ward 8, the District, and the entire region in the national movement to make Dr. King’s birthday a federal holiday,” the statement says. “Today, the parade not only celebrates its historic roots but also promotes peace and non-violence, spotlights organizations that serve the community, and showcases the talent and pride of school-aged children performing for family, friends, and community members.”
Layoffs and confusion at Pride Center of Maryland after federal grants cut, reinstated
Comings & Goings
D.C.’s annual MLK Peace Walk and Parade set for Jan. 19
Love board games and looking for love?
Calendar: January 16-22
Ford’s ‘First Look’ festival showcases three new productions
Mid-Atlantic Leather kicks off this week
Stress-free lease renewals during winter months
PHOTOS: ‘ICE Out For Good’ Sunday protests
