Updated Wednesday, 2 p.m. EST
As the Australian hacker accused of logging into Grindr profiles evades criminal charges, a company spokesman says that the accusations lofted last week against the popular GPS social app are "unfounded." Details follow.
Though it was being reported that 100,000 Grindr user profiles were hacked and possibly compromised, a spokesman says that only a minor number of users experienced a security breach. "Contrary to some unfounded speculation, we have no indication that any large number of photos were intercepted—in fact, we have received no specific user reports of interceptions," the spokesman said in a statement, adding that users of Blendr, the straight version of the app, "were not affected."
Sydney police corroborate Grindr's side of events as criminal charges against the accused Sydney hacker are on hold...for now.
According to a New Zealand publication:
The NSW Police's cybercrime squad had not received any complaints about the hack, a State Crime Command spokeswoman said.
If a complaint was made, the cybercrime squad would investigate to see if any laws had been broken, the spokeswoman added.
Still, at least one Grindr user has come forward with a story of interception.
One of the Sydney users of the Grindr app, who asked to remain anonymous, said his profile was altered twice, with his name changed to obscene words.
His profile was also linked to a "shock site", a website that tries to offend its viewers.
The user said he informed Grindr about the hack - which took place in July - through emails, but was only told to update his smartphone operating system and app.
"I didn't feel that the response was adequate or that they were taking it very seriously at all," the user said.
Fears surrounding the possible hacking attempt continue to plague Grindr, which reiterated its security assurances in the new statement. "Our users can be assured that Grindr does not retain chat history, credit card information, or addresses, and no such information was ever compromised."
The Sydney-based hacker discovered a way to log in to any Grindr or Blendr (Grindr's straight sister app) profile. The security hole allowed the hacker to assume 100,000 Australian Grindr profiles and then post private information about them to a website that has since been removed.
The Sydney Morning Herald has more:
The website, registered on July 14 last year, allowed the hacker to search for any Grindr user regardless of their location, and capitalised on the vulnerabilities to offer other services not designed by the apps.
Material seen by this website suggests that a number of Australian users had their Twitter profiles linked to Grindr profiles on the web page, making it easier to find users.
At one point, according to sources who saw the website before it was taken down, it listed users' Grindr pseudonyms, passwords, their personal favourites (bookmarked friends) and allowed them to be impersonated, and thus have messages sent and received without their knowledge. At one point, the website also allowed users' profile pictures to be replaced.
The website was taken down following a threat of legal action from Grindr founder Joel Simkhai, who has promised an update fixing the security flaws in the coming days. "We are certainly aware of a lot of these vulnerabilities and ... they will be fixed as fast as humanly possible," Simkhai said on Tuesday.
(Source and image source: SMH)