Federal Government Launches Inquiry Into Grindr’s Security

In January, it came to light that an Australian hacker had seriously compromised Grindr. The hacker figured out how to impersonate another user, and he set up a webpage showing how you could steal users’ pictures as well as any that anyone had sent them.

Now the U.S. federal government has taken it upon themselves to “question Grindr/Blendr’s privacy and security measures” in light of this recent data breach. Rep. Henry A. Waxman and Rep. G.K. Butterfield, ranking members of the Committee on Energy and Commerce (Grindr is all about energy and commerce), sent the following letter to Joel Simkhai, founder and CEO of Grindr and its straight cousin Blendr.

The letter reads:

Every online service that asks its users to trust it with the transmission or collection of their information—whether it is a social network, a dating service, a retailer, or a financial institution—has an obligation to its customers to properly secure that information.  Ensuring adequate security for users’ information is an essential element of protecting their privacy.

Then they start asking some serious questions. Like this:

Have Grindr, Grindr Xtra, or Blendr experienced any other breaches of any size in which any user provided information—including, but not limited to, chats, photos, linked social network accounts, and profile information—was compromised?

And this:

You claimed that you would rush to release a security update for your applications in a “few days.” However, it took you up to three weeks to release those updates. Please explain why it took you two weeks to release the security updates for Grindr and Grindr Xtra, and three weeks for Blendr, when a security expert claimed that securing your application “wouldn’t be too hard.”

Ouch! The full text of the letter is here (PDF). We contacted Grindr for a response, and this is what they had to say:

As has been reported earlier this year, when issues were raised concerning potential security issues, Grindr took significant steps to address those concerns.

Indeed, in the last several weeks, Grindr has implemented security improvements addressing reported vulnerabilities to all of its applications including Grindr and Blendr on all platforms. We have required all users to upgrade to the latest releases.

These steps were completed before Grindr received a letter from Congressman Henry Waxman and G.K. Butterfield, today, February 23, 2012. Grindr is reviewing the letter and will diligently focus on their questions and respond to the committee in due course.