Queerty is better as a member

Log in | Register
  EASY 2 HACK?

Federal Government Launches Inquiry Into Grindr’s Security

In January, it came to light that an Australian hacker had seriously compromised Grindr. The hacker figured out how to impersonate another user, and he set up a webpage showing how you could steal users’ pictures as well as any that anyone had sent them.

Now the U.S. federal government has taken it upon themselves to “question Grindr/Blendr’s privacy and security measures” in light of this recent data breach. Rep. Henry A. Waxman and Rep. G.K. Butterfield, ranking members of the Committee on Energy and Commerce (Grindr is all about energy and commerce), sent the following letter to Joel Simkhai, founder and CEO of Grindr and its straight cousin Blendr.

The letter reads:

Every online service that asks its users to trust it with the transmission or collection of their information—whether it is a social network, a dating service, a retailer, or a financial institution—has an obligation to its customers to properly secure that information.  Ensuring adequate security for users’ information is an essential element of protecting their privacy.

Then they start asking some serious questions. Like this:

Have Grindr, Grindr Xtra, or Blendr experienced any other breaches of any size in which any user provided information—including, but not limited to, chats, photos, linked social network accounts, and profile information—was compromised?

And this:

You claimed that you would rush to release a security update for your applications in a “few days.” However, it took you up to three weeks to release those updates. Please explain why it took you two weeks to release the security updates for Grindr and Grindr Xtra, and three weeks for Blendr, when a security expert claimed that securing your application “wouldn’t be too hard.”

Ouch! The full text of the letter is here (PDF). We contacted Grindr for a response, and this is what they had to say:

As has been reported earlier this year, when issues were raised concerning potential security issues, Grindr took significant steps to address those concerns.

Indeed, in the last several weeks, Grindr has implemented security improvements addressing reported vulnerabilities to all of its applications including Grindr and Blendr on all platforms. We have required all users to upgrade to the latest releases.

These steps were completed before Grindr received a letter from Congressman Henry Waxman and G.K. Butterfield, today, February 23, 2012. Grindr is reviewing the letter and will diligently focus on their questions and respond to the committee in due course.

By:           Evan Mulvihill
On:           Feb 24, 2012
Tagged: , , , , ,

  • 7 Comments
    • DanChi
      DanChi

      I would love to be the federal agent checking out the security of grindr! Yeah.. Security.. Uh huh…

      Feb 24, 2012 at 10:00 am · @ReplyReply to this comment ·
    • Brian
      Brian

      So basically all those Republican Senators want to know if anyone stole their junk pics?

      Feb 24, 2012 at 10:14 am · @ReplyReply to this comment ·
    • Brandon
      Brandon

      all i can say is….the iphone has a screen cap capability xDD *stealing pics achieved*

      Feb 24, 2012 at 11:07 am · @ReplyReply to this comment ·
    • B
      B

      No. 2 · Brian wrote, “So basically all those Republican Senators want to know if anyone stole their junk pics?” It’s a bipartisan issue and is not just about grindr, which is only one of the latest examples of the problem.

      People don’t want their address books stolen, and not because of “junk pics”. Knowing someone’s business contacts can be valuable to a competitor, for example.

      Try http://www.sfgate.com/cgi-bin/article.cgi?f=/n/a/2012/02/22/national/a210311S30.DTL for details as to what government officials are doing.

      Feb 24, 2012 at 2:32 pm · @ReplyReply to this comment ·
    • MotorGay.net
      MotorGay.net

      It is so easy to screen capture someone’s pics. Have you seen this website?

      http://www.douchebagsofgrindr.com/

      Feb 24, 2012 at 2:47 pm · @ReplyReply to this comment ·
    • Dave
      Dave

      I’m sure the breaches didn’t crash as much as Grindr. I don’t see how an app with such simple business logic can fail in so many ways.

      Feb 24, 2012 at 5:13 pm · @ReplyReply to this comment ·
    • Heh
      Heh

      This is another example of why an iPhone isn’t a proper business device. They cannot be locked down, so if some idiot loads an app with a contact-book stealer or other malware on it (like Path or Grindr), your company’s secrets can end up in a competitor’s hands in minutes.

      Feb 27, 2012 at 2:06 am · @ReplyReply to this comment ·

    Add your Comment

    Please log in to add your comment

    Need an account? Register It's free and easy.



  • POPULAR ON QUEERTY

    FOLLOW US
     



    GET QUEERTY'S DAILY NEWSLETTER


    FROM AROUND THE WEB

    !-- Sailthru Horizon -->
    Copyright 2014 Queerty, Inc.
    Follow Queerty at Queerty.com, twitter.com/queerty and facebook.com/queerty.