Security researcher Troy Hunt reports on a security flaw that let attackers change the email address of Grindr accounts. All you had to do was know the account's current email address and trigger a password reset: the secret login URL was sent to the browser too, hidden in the code of the "check your email!" — Read the rest
