An NBC report suggests that security flaws in the gay dating app Grindr have allowed the personal details and data of millions of users to go unprotected, including their in-app messages and real life locations.

According to NBC, the dating app had contained two security issues (since patched) that potentially exposed the data of its more than three million daily users. That includes users’ private messages to other users, their profile information, and their locations, even if they’d opted out of sharing GPS data, security analysts told NBC.

The flaws were reportedly identified by Grindr user and property management startup CEO Trever Faden, who created a third-party website called C*ckblocked for allowing Grindr users to see who had blocked them on the app. The site required them to enter their Grindr username and password, and once they had done so, Faden told NBC, he found he was able to access users’ profiles, email addresses, deleted photos, unread messages, and other private data.

NBC noted that C*ckblocked exploited a “similar security loophole” to one that was recently shown to have leaked personal data on 50 million people via Facebook.

According to NBC, users who opted out of providing location data to the app could still be located because of such security loopholes. “One could, without too much difficulty or even a huge amount of technological skill, easily pinpoint a user’s exact location,” Faden told the site.

https://www.forbes.com/sites/janetwburns/2018/03/29/report-says-grindr-exposed-millions-of-users-private-data-messages-locations/#6b9df2b85c4c