A young Sydneysider who hacked a popular gay social networking app may escape prosecution as no complaint has been filed with NSW Police.
The smartphone app Grindr, which had about 100,000 Australian users as of August last year and more than a million users worldwide, was the target of a hacker who potentially exposed who people were friends with and intimate chats and private photos destined for them using an exploit that allowed the hacker to impersonate users' accounts.
Under the Commonwealth Criminal Code Act 1995 anyone with "unauthorised access to, or modification of, restricted data which occurs via a carriage service, including the internet and mobile phones" could face a maximum penalty of two years' jail, with anyone above the age of 14 liable for prosecution.
The hacker is understood to have been under 18 at the time they hacked Grindr.
Similar legislation also applies in states and territories, a spokeswoman for the federal Attorney General's department said.
But the NSW Police's cybercrime squad had not received any complaints about the hack, a State Crime Command spokeswoman said.
If a complaint was made, the cybercrime squad would investigate to see if any laws had been broken, the spokeswoman added.
A spokeswoman for the Australian Federal Police said such cases involving individuals and small businesses were usually investigated by state or territory police.
A Grindr spokesman told Fairfax Media the company had taken "legal and technological actions" against a website created by the hacker that exploited the flaws in the Grindr app, adding that the site "primarily impacted a very small percentage of our total Australian Grindr users and it remains shut down".
"Contrary to some unfounded speculation, we have no indication that any large number of photos were intercepted - in fact, we have received no specific user reports of interceptions," the spokesman said in a statement, adding that users of Blendr, the straight version of the app, "were not affected".
But one of the Sydney users of the Grindr app, who asked to remain anonymous, said his profile was altered twice, with his name changed to obscene words.
His profile was also linked to a "shock site", a website that tries to offend its viewers.
The user said he informed Grindr about the hack - which took place in July - through emails, but was only told to update his smartphone operating system and app.
"I didn't feel that the response was adequate or that they were taking it very seriously at all," the user said.
The Grindr spokesman said the company would notify its users of a compulsory security update of its apps that was due to be released "over the next few days".
"Our users can be assured that Grindr does not retain chat history, credit card information, or addresses - and no such information was ever compromised."
- Sydney Morning Herald