Grindr hack let anyone steal email login tokens

Security researcher Troy Hunt reports on a security flaw that let attackers change the email address of Grindr accounts. All you had to do was know the account's current email address and trigger a password reset: the secret login URL was sent to the browser too, hidden in the code of the "check your email!" — Read the rest



from Boing Boing https://ift.tt/2GI6ouH
via IFTTT
Share on Google Plus

About Unknown

This is a short description in the author block about the author. You edit it by entering text in the "Biographical Info" field in the user admin panel.
    Blogger Comment
    Facebook Comment

0 comments:

Post a Comment