In response to CVE-2021-44228 (log4j)
At Grindr, the security and safety of our users and products is a top priority. As reported in many places, there are multiple large scale vulnerabilities across the internet that surfaced from a software library called Log4j. In December, when this issue was disclosed by the United States Cybersecurity and Infrastructure Security Agency, known as CISA, we quickly activated our incident response teams and processes to assess the impact of this vulnerability on our products and customers.
Our initial assessment has found minimal usage of the affected log4j library. The small usage that was found has been reviewed by our team and successfully patched. At this time we have found no evidence of exploitation of this vulnerability observed within Grindr's environment.
Our threat mitigation team will continue to stay vigilant in monitoring this vulnerability, and as always will continue to keep the safety and security of our users at the forefront of our efforts.
-Joel Keating, Chief Information Security Officer | LinkedIn