Grindr has fixed a security flaw that could have allowed attackers to easily hijack any Grindr account if they knew the user’s email address. The vulnerability was discovered by French security researcher Wassime Bouimadaghene. The reset token generated when resetting an account’s password could be obtained using the web browser’s dev tools as it was leaked in the page response content. Grindr said they are working on making it easier for researchers to report such issues and that a new bug bounty program is in the works.
Source: https://www.bleepingcomputer.com/news/security/grindr-fixed-a-bug-allowing-full-takeover-of-any-user-account/
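The flaw class described above, a reset token returned in the response to the password-reset request, is shown here next to a hardened handler as an added example; it is not Grindr's code. The handler names, the `resetToken` field, the in-memory store, the `outbox` mail stand-in and the 15-minute lifetime are all assumptions made for illustration.

```python
import hashlib
import secrets
import time

TOKEN_TTL = 900                   # assumed token lifetime in seconds
USERS = {"alice@example.test"}    # constructed sample account
_reset_store = {}                 # email -> (sha256 of token, expiry time)
outbox = []                       # stand-in for the mail system: (email, token)

def _issue_token(email):
    """Create a random token, store only its hash, deliver it by mail."""
    token = secrets.token_urlsafe(32)
    digest = hashlib.sha256(token.encode()).hexdigest()
    _reset_store[email] = (digest, time.time() + TOKEN_TTL)
    outbox.append((email, token))
    return token

def request_reset_leaky(email):
    """Flawed pattern: the secret is echoed back to whoever made the request."""
    if email not in USERS:
        return {"status": "error"}
    return {"status": "ok", "resetToken": _issue_token(email)}  # hypothetical field

def request_reset_fixed(email):
    """Token leaves the server only via the mailbox; the reply is identical
    for known and unknown addresses."""
    if email in USERS:
        _issue_token(email)
    return {"status": "ok", "message": "If the account exists, a reset email was sent."}

def redeem(email, token):
    """Accept a token once, before expiry, using a constant-time comparison."""
    digest, expiry = _reset_store.get(email, (None, 0))
    if digest is None or time.time() > expiry:
        return False
    supplied = hashlib.sha256(token.encode()).hexdigest()
    if not secrets.compare_digest(digest, supplied):
        return False
    del _reset_store[email]       # single use
    return True

def response_leaks_token(response, token):
    """Regression check: does any field of the response contain the secret?"""
    return any(token in str(value) for value in response.values())
```

A check like `response_leaks_token` fits in an integration test that requests a reset, reads the token from the test mailbox, and fails the build if that value appears anywhere in the HTTP response.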

