Forget about SOPA! Homosexuals across the land should be more than a little concerned this morning as news of a major security breach at Grindr and Blendr reaches the wires. It turns out the iPhone-based hookup apps (Blendr is the straight one, for those who didn't know it existed) didn't have any real security at all, according to an Australian hacker, who built a website on which you could search for any Grindr user, regardless of whether they were online, view their favorites, nude pics, chats, etc., and even impersonate them!
The website has since been taken down, and Grindr CEO Joel Simkhai says they're rushing to put out a patch to close the security gap he swears that some "new architecture" was being built, ready to be released "within weeks," which would have negated these security issues, but that the temporary patch will solve it in the meantime. That is, if you bother to download the update!
An online security expert quoted by the Sydney Morning Herald said that the Grindr and Blendr apps ""had no real security" and that they are "very poorly designed ... [with] poor session security and authentication." That's nice. So this app has been around for how many years now and never had any real security? Not that gay men have a lot of shame when it comes to posing naked pictures of themselves on the web (see also Reichen Lehmkuhl, this guy from A-List Dallas, etc. - BOTH LINKS NSFW!), but not cool, guys!
Update: Grindr contacted SFist with a statement clarifying that Blendr was not, in fact, affected (though the security expert quoted above seemed to suggest that the Blendr platform was the same, and therefore just as vulnerable, it just wasn't involved in this particular breach). Also, they assure us, "We continuously make improvements to our platform to increase security across our networks. We are releasing a mandatory update to our apps over the next few days to enhance security. When the update is available, users will be notified via in-app messaging, on Twitter and on the Grindr blog. Our users can be assured that Grindr does not retain chat history, credit card information, or addresses and no such information was ever compromised."
[Sydney Morning Herald via The Awl]