Grindr flaw allowed hijacking accounts with just an email address

A Grindr vulnerability allowed anyone who knows a user’s email address to easily reset their password and hijack their account. All a bad actor needed to do was type in a user’s email address in the password reset page and then pop open the dev tools...

from TV Aerial Installation Services Warrington https://www.engadget.com/grindr-flaw-hijack-accounts-email-address-220021987.html
via TV Feed