Dating apps hold a treasure trove of information about their users, which can make them an enticing target for malicious actors.

On October 3, 2020, researchers (Wassime Bouimadaghene who found the vulnerability, and Troy Hunt who reported it) announced that they had found a security vulnerability in the dating app Grindr.

This vulnerability allowed anyone to access the password reset link for an account if they knew the user’s email. The password reset page would include the password reset token in its response to the client; this reset token should only be emailed to the user.
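The flaw described above, sketched as an added example (not Grindr's code and not code from the original article): a reset-request handler that echoes the token in its response, next to a hardened one that sends it only by email. The user store, the outbox standing in for a mail service, and all function names are hypothetical, and the data is constructed.

```javascript
const crypto = require('node:crypto');

// Constructed sample data; every name here is hypothetical.
const users = new Map([['alice@example.com', { id: 1 }]]);
const resetTokens = new Map(); // sha256(token) -> { userId, expires }
const outbox = [];             // stand-in for the email service

function issueToken(user) {
  const token = crypto.randomBytes(32).toString('hex');
  // Store only a digest so a database read does not yield usable tokens.
  const digest = crypto.createHash('sha256').update(token).digest('hex');
  resetTokens.set(digest, { userId: user.id, expires: Date.now() + 15 * 60 * 1000 });
  return token;
}

// Flawed pattern: the token goes to the mailbox AND back to the requester,
// so knowing the email address is enough to obtain the reset link.
function requestResetVulnerable(email) {
  const user = users.get(email);
  if (!user) return { status: 404, body: { error: 'unknown email' } };
  const token = issueToken(user);
  outbox.push({ to: email, token });
  return { status: 200, body: { message: 'reset email sent', resetToken: token } };
}

// Hardened: the token leaves the server only through email, and the
// response is the same whether or not the address is registered.
function requestResetHardened(email) {
  const user = users.get(email);
  if (user) outbox.push({ to: email, token: issueToken(user) });
  return {
    status: 200,
    body: { message: 'If that address is registered, a reset link has been sent.' },
  };
}

// Regression check for a test suite: does the response body contain
// any token that was issued for delivery by email?
function responseLeaksToken(response) {
  const json = JSON.stringify(response.body);
  return outbox.some((mail) => json.includes(mail.token));
}
```

A check like `responseLeaksToken` can run in CI against the real reset endpoint's response so that a token field added to the payload later is caught before release.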

#nodejs #security #privacy #grindr

Grindr's Reset Token Vulnerability: A Technical Deep Dive