News
Grindr security flaw exposes user location data
the breach put more than three million daily users at risk
(Logo courtesy of Grindr)
More than three million of Grindr’s daily users were temporarily put at risk because of a major security flaw in the app that was exposed by a third-party site.
C*ckblocked, a now-defunct site that allowed Grindr users to view who blocked them by entering a Grindr user name and password, was able to access user information from Grindr’s Application programming interface (API). The information included email addresses, deleted photos, personal messages and the location of users.
Trever Faden, founder of C*ckblocked, told NBC that it would be easy for anyone to access a user’s private information.
“One could, without too much difficulty or even a huge amount of technological skill, easily pinpoint a user’s exact location,” Faden told NBC.
In a separate security issue, Faden claimed that Grindr users’ location, which must be inputed directly into the app and not via a third-party site, was not encoded and could be accessed by anyone monitoring public online traffic.
Faden emphasized that the ability to find a user’s location was “a feature, not a bug.”
NBC reports that two independent cybersecurity researchers confirmed the security flaw.
After Faden informed Grindr of the security issues, Grindr blocked the flaw that allowed third-party sites like C*ckblocked to receive data.
Grindr released a statement advising users not to use their username and password for other sites.
“Grindr moved quickly to make changes to its platform to resolve this issue. Grindr reminds all users that they should never give away their username and password to any third parties claiming to provide a benefit, as they are not authorized by Grindr and could potentially have malicious intent,” the statement reads.
However, Grindr denied that user location isn’t encoded.
“Grindr is a location-based app. Location is a critical element of our social network platform. This allows our users to feel connected to our community in a world that would seek to isolate us. That said, all information transmitted between a user’s device and our servers is encrypted and communicated in a way that does not reveal your specific location to unknown third parties,” Grindr’s Chief Technology Officer Scott Chen told the Huffington Post.
The company also released a statement on Twitter to inform users that the problems have been addressed and to be safe using their service.
As a company that serves the LGBTQ community, we understand the delicate nature of our users’ privacy. Ensuring safety and security of our users is of paramount importance to us and will continue to be our top priority. pic.twitter.com/vD2zXqxSr0
— Grindr (@Grindr) March 29, 2018
The flaw is similar to the one in the Facebook/Cambridge Analytica scandal, which allegedly exposed the personal data of 50 million users.
U.S. Supreme Court
Activists rally for Andry Hernández Romero in front of Supreme Court
Gay asylum seeker ‘forcibly deported’ to El Salvador, described as political prisoner
More than 200 people gathered in front of the U.S. Supreme Court on Friday and demanded the Trump-Vance administration return to the U.S. a gay Venezuelan asylum seeker who it “forcibly disappeared” to El Salvador.
Lindsay Toczylowski, president of the Immigrant Defenders Law Center, a Los Angeles-based organization that represents Andry Hernández Romero, is among those who spoke alongside U.S. Rep. Mark Takano (D-Calif.) and Human Rights Campaign Campaigns and Communications Vice President Jonathan Lovitz. Sarah Longwell of the Bulwark, Pod Save America’s Jon Lovett, and Tim Miller are among those who also participated in the rally.
“Andry is a son, a brother. He’s an actor, a makeup artist,” said Toczylowski. “He is a gay man who fled Venezuela because it was not safe for him to live there as his authentic self.”
(Video by Michael K. Lavers)
The White House on Feb. 20 designated Tren de Aragua, a Venezuelan gang, as an “international terrorist organization.”
President Donald Trump on March 15 invoked the Alien Enemies Act of 1798, which the Associated Press notes allows the U.S. to deport “noncitizens without any legal recourse.” The Trump-Vance administration subsequently “forcibly removed” Hernández and hundreds of other Venezuelans to El Salvador.
Toczylowski said she believes Hernández remains at El Salvador’s Terrorism Confinement Center, a maximum-security prison known by the Spanish acronym CECOT. Toczylowski also disputed claims that Hernández is a Tren de Aragua member.
“Andry fled persecution in Venezuela and came to the U.S. to seek protection. He has no criminal history. He is not a member of the Tren de Aragua gang. Yet because of his crown tattoos, we believe at this moment that he sits in a torture prison, a gulag, in El Salvador,” said Toczylowski. “I say we believe because we have not had any proof of life for him since the day he was put on a U.S. government-funded plane and forcibly disappeared to El Salvador.”
“Andry is not alone,” she added.
Takano noted the federal government sent his parents, grandparents, and other Japanese Americans to internment camps during World War II under the Alien Enemies Act. The gay California Democrat also described Hernández as “a political prisoner, denied basic rights under a law that should have stayed in the past.”
“He is not a case number,” said Takano. “He is a person.”
Hernández had been pursuing his asylum case while at the Otay Mesa Detention Center in San Diego.
A hearing had been scheduled to take place on May 30, but an immigration judge the day before dismissed his case. Immigrant Defenders Law Center has said it will appeal the decision to the Board of Immigration Appeals, which the Justice Department oversees.
“We will not stop fighting for Andry, and I know neither will you,” said Toczylowski.
Friday’s rally took place hours after Attorney General Pam Bondi said Kilmar Abrego Garcia, a Maryland man who the Trump-Vance administration wrongfully deported to El Salvador, had returned to the U.S. Abrego will face federal human trafficking charges in Tennessee.
The Washington Blade hosted the inaugural WorldPride Boat Parade at The Wharf DC on Friday, June 6. NBC4’s Tommy McFly served as the emcee.
(Washington Blade photos by Michael Key)
The 2025 Capital Pride Honors awards ceremony and gala reception was held at the National Building Museum on Thursday, June 5. Honorees included Cathy Renna, Jerry St. Louis, Ernest Hopkins, Lamar Braithwaite, Rev. Dr. Donna Claycomb Sokol, Kriston Pumphrey, Gia Martinez, Kraig Williams and SMYAL. Presenters and speakers included U.S. Rep. Mark Takano (D-Calif.), Amber Ruffin, Raven-Symoné and Paul Wharton.
(Washington Blade photos by Michael Key)
Activists rally for Andry Hernández Romero in front of Supreme Court
PHOTOS: WorldPride Boat Parade
PHOTOS: Capital Pride Honors
Wasserman Schultz: Allies must do more to support LGBTQ Jews
PHOTOS: Latinx Pride Party
White House has ‘no plans’ to recognize Pride month
D.C. church removes Pride decorations from house rented to gay tenants
D.C. police chief rescinds request to close Dupont Circle Park for WorldPride
Making sense of a dark Pride season
U.S. Park Service orders Dupont Circle park closed during WorldPride weekend
-
The White House3 days agoWhite House has ‘no plans’ to recognize Pride month
-
District of Columbia2 days agoD.C. church removes Pride decorations from house rented to gay tenants
-
District of Columbia4 days agoD.C. police chief rescinds request to close Dupont Circle Park for WorldPride
-
Opinions3 days agoMaking sense of a dark Pride season