Grindr users’ precise location data was sold to the highest bidder for years

Grindr fined £5 million in Norway data breach

Precise location data for millions of Grindr users was collected from a digital advertising network and sold to third parties.

The Wall Street Journal reported that user locations were collected and sold from 2017 until around 2020.

It noted that Grindr shut off all data to advertising networks two years ago, but claimed historical data may still be available for sale.

Though the data did not identify users, WSJ said it would be possible to infer hook-ups based on proximity, and that it might be possible to deduce a person’s identity through their habits and regular locations.

A Grindr spokesperson told the outlet: “Since early 2020, Grindr has shared less information with ad partners than any of the big tech platforms and most of our competitors.

“The activities that have been described would not be possible with Grindr’s current privacy practices, which we’ve had in place for two years.”

Grindr noted that cutting off data to advertising partners has hit it financially.

The data was sold in a computerised process to enable hyperlocal advertising to be served to users.

When Grindr began sharing this data with ad networks, WSJ reported, executives didn’t consider it to be a security risk.

In 2021 a Catholic priest was forced out of the closet when The Pillar, a Catholic newspaper, found his profile information using “commercially available records of app signal data”.

Even without his name it was not difficult for people with access to the information to deanonymize the data.

Jeffrey Burrill had to step down from his position as administrator for the US Conference of Catholic Bishops after he was outed.

In a blog post, Grindr called the WSJ story “old news”.

Patrick Lenihan, its vice president of communications, wrote: “The Wall Street Journal has run a sensationaliSed story about the historical vulnerabilities in the adtech ecosystem that were improperly exploited to allegedly obtain data from some of Grindr’s former ad partners.

“The issues with adtech are real, unfortunately the WSJ is using scare tactics in a ploy for clicks.”

In 2021, Grindr was fined 65 million Norwegian crown (around £5 million) after a huge data breach.