In January, it came to light that an Australian hacker had seriously compromised Grindr. The hacker figured out how to impersonate another user, and he set up a webpage showing how you could steal users’ pictures as well as any that anyone had sent them.
Now the U.S. federal government has taken it upon itself to “question Grindr/Blendr’s privacy and security measures” in light of this recent data breach. Rep. Henry A. Waxman and Rep. G.K. Butterfield, ranking members of the Committee on Energy and Commerce (Grindr is all about energy and commerce), sent the following letter to Joel Simkhai, founder and CEO of Grindr and its straight cousin Blendr.
The letter reads:
Every online service that asks its users to trust it with the transmission or collection of their information—whether it is a social network, a dating service, a retailer, or a financial institution—has an obligation to its customers to properly secure that information. Ensuring adequate security for users’ information is an essential element of protecting their privacy.
Then they start asking some serious questions. Like this:
Have Grindr, Grindr Xtra, or Blendr experienced any other breaches of any size in which any user provided information—including, but not limited to, chats, photos, linked social network accounts, and profile information—was compromised?
And this:
You claimed that you would rush to release a security update for your applications in a “few days.” However, it took you up to three weeks to release those updates. Please explain why it took you two weeks to release the security updates for Grindr and Grindr Xtra, and three weeks for Blendr, when a security expert claimed that securing your application “wouldn’t be too hard.”
Ouch! The full text of the letter is here (PDF). We contacted Grindr for a response, and this is what they had to say:
As has been reported earlier this year, when issues were raised concerning potential security issues, Grindr took significant steps to address those concerns.
Indeed, in the last several weeks, Grindr has implemented security improvements addressing reported vulnerabilities to all of its applications including Grindr and Blendr on all platforms. We have required all users to upgrade to the latest releases.
These steps were completed before Grindr received a letter from Congressman Henry Waxman and G.K. Butterfield, today, February 23, 2012. Grindr is reviewing the letter and will diligently focus on their questions and respond to the committee in due course.
DanChi
I would love to be the federal agent checking out the security of grindr! Yeah.. Security.. Uh huh…
Brian
So basically all those Republican Senators want to know if anyone stole their junk pics?
Brandon
all i can say is….the iphone has a screen cap capability xDD *stealing pics achieved*
B
No. 2 · Brian wrote, “So basically all those Republican Senators want to know if anyone stole their junk pics?” It’s a bipartisan issue and is not just about grindr, which is only one of the latest examples of the problem.
People don’t want their address books stolen, and not because of “junk pics”. Knowing someone’s business contacts can be valuable to a competitor, for example.
Try http://www.sfgate.com/cgi-bin/article.cgi?f=/n/a/2012/02/22/national/a210311S30.DTL for details as to what government officials are doing.
MotorGay.net
It is so easy to screen capture someone’s pics. Have you seen this website?
http://www.douchebagsofgrindr.com/
Dave
I’m sure the breaches didn’t crash as much as Grindr. I don’t see how an app with such simple business logic can fail in so many ways.
Heh
This is another example of why an iPhone isn’t a proper business device. They cannot be locked down, so if some idiot loads an app with a contact-book stealer or other malware on it (like Path or Grindr), your company’s secrets can end up in a competitor’s hands in minutes.