A promotional image of the Grindr app, left, and founder Joel Simkhai's profile.
The popular gay hook-up app Grindr, which spawned a sexual revolution in Australia and across the world, is facing an investigation by the US Congress after it emerged that a number of vulnerabilities allowed for the app to be easily hacked.
Two members of the US Congress have written to Grindr chief executive Joel Simkhai demanding answers about security vulnerabilities in the app following Fairfax Media's January report that a young Sydneysider was able to hack it.
The hacker discovered a way to log in as another Grindr user, see their favourites, chat and send photos on their behalf and made use of some of the vulnerabilities to look at other users' favourites and change their profile pictures.
NSW Police said in January that no complaint had been filed, meaning it would be difficult to investigate and that the hacker could get away with what they did. The app has over three million users worldwide, 100,000 plus of which are located in Australia.
In their letter to Grindr, US Congressemen Henry Waxman and GK Butterfield said the hacking incident and security vulnerabilities raised questions about steps Grindr took ''to protect the privacy and security'' of its users' information.
''The web pages containing the privacy policies for both of your mobile apps claim that they are 'all about your privacy','' they wrote, ''Yet an independent security expert found there were security vulnerabilities in your apps that could have been mitigated, but were not.''
They added that Grindr and other online services had an obligation to properly secure users' information.''Ensuring adequate security for users' information is an essential element of protecting their privacy.''
Their comments about the incident in their letter were followed by a number of questions they said they were asking to ''more fully understand the incident, and to help inform US Congress's ongoing efforts to develop data security legislation''.
The congressmen sent the letter February 23 and have given Grindr until March 8 to respond.
Grindr said in a statement to Fairfax that it took ''significant steps'' to address security concerns ''when issues were raised''.
''Indeed, in the last several weeks, Grindr has implemented security improvements addressing reported vulnerabilities to all of its applications including Grindr and Blendr on all platforms.
''We have required all users to upgrade to the latest releases.
''These steps were completed before Grindr received a letter from Congressman Henry Waxman and G.K. Butterfield ... ''Grindr is reviewing the letter and will diligently focus on their questions and respond to the committee in due course," it said.
This reporter is on Facebook: /bengrubb