Trever Faden originally discovered the first flaw after creating the website C*ckblocked (asterisk intentional) to scrape data from anyone who logged in with their Grindr username and password. The second would let anyone monitoring web traffic observe the location-pings the Grindr app sends to its servers -- and while that's a creepy thing to do anywhere (like, say, over public Wi-Fi), it's also something that anti-gay governments or groups could use to peek at anyone who might use the service.

We've reached out to Grindr for comment and will add when we hear back. The company assured NBC OUT that the C*ckblock flaw had been fixed (the site was shut down anyway), but the second exploit reportedly remains.