Behind Grindr\'s doomed hookup, a data misstep and scramble to make up
Early last year, Grindr LLC’s Chinese owner gave some Beijing-based engineers access to personal information of millions of Americans such as private messages and HIV status, according to eight former employees, prompting US officials to ask it to sell the dating app for the gay community.
After taking full control of Grindr in January 2018, Beijing Kunlun Tech Co Ltd stepped up management changes and consolidated operations to cut costs and expand operations in Asia, one former employee familiar with the decision said.
In the process, some of the company’s engineers in Beijing got access to the Grindr database for several months, eight former employees said.
While it is known that data privacy concerns prompted the crackdown on Kunlun, interviews with over a dozen sources with knowledge of Grindr’s operations, including the former employees, for the first time shed light on what the company actually did to draw US ire and how it then tried to save its deal.
Reuters found no evidence that the app’s database was misused. Nevertheless, the decision to give its engineers in Beijing access to Grindr’s database proved to be a misstep for Kunlun, one of the largest Chinese mobile gaming companies.
In early 2018, the Committee on Foreign Investment in the United States (CFIUS), a government panel that scrutinizes foreign acquisitions of US companies, started looking into the Grindr deal to see whether it raised any national security risks, one source close to the company said.
Last September, it ordered Kunlun to restrict access of its Beijing-based engineers to Grindr’s database, the source said.
Kunlun did not respond to requests for comment. A Treasury spokesman declined to comment on behalf of CFIUS.
A Grindr spokeswoman said, “the privacy and security of our users’ personal data is and always will be a top priority.”
Two former national security officials said the acquisition heightened US fears about the potential of data misuse at a time of tense China-US relations. CFIUS has increased its focus on the safety of personal data. In the last two years, it blocked Chinese companies from buying money transfer company MoneyGram International Inc and mobile marketing firm AppLovin.
Based in West Hollywood, California, Grindr is especially popular among gay men and has about 4.5 million daily active users. CFIUS likely worried that Grindr’s database may include compromising information about personnel who work in areas such as military or intelligence and that it could end up in the hands of the Chinese government, the former officials said.
“CFIUS operates under the assumption that, whether through legal or political means, Chinese intelligence agencies could readily access information held by private Chinese companies if they wanted to,” said Rod Hunter, an attorney at Baker & McKenzie LLP who managed CFIUS reviews during President George W. Bush’s administration.
In a faxed statement to Reuters, China’s foreign ministry said it was aware of the situation with Grindr and urged the United States to allow fair competition and not politicize economic issues.
“The Chinese government always encourages Chinese companies to conduct economic and trade cooperation overseas in accordance with international rules and local laws,” it said.
Kunlun first acquired 60 per cent of Grindr in 2016 for USD 93 million, amid a wave of acquisitions of US technology companies by Chinese firms. At the time CFIUS focused on traditional national security concerns, such as the use of technology for potential military applications, the former US security officials said.
Submissions of deals to CFIUS for review were entirely voluntary then, and Kunlun did not think it needed to submit its purchase of Grindr because it was convinced the deal posed no national security risk, two sources close to the company said.
After that deal was completed Kunlun tasked engineers in Beijing to improve the app, former employees said. The team worked out of the second floor of Ming Yang International Center, Kunlun’s 11-story headquarters east of the Palace Museum in Beijing, one former employee said.
At first, they did not have access to Grindr’s database, six former employees said. But that changed when Kunlun bought out the remainder of Grindr for USD 152 million, and the dating app’s founder and CEO, Joel Simkhai, left.
Kunlun shifted a significant portion of Grindr’s operations to Beijing, seven former employees said. Some outside contractors ended their work, and most of Grindr’s US engineers were subsequently let go or resigned, they said.
Some US employees who learned that the database access had been given to colleagues in China raised concerns about privacy with management, but they were told that they should not worry, two former employees said.
About a month after CFIUS’ September order, Kunlun told the panel the Beijing team’s access to Grindr’s database had been restricted, the source close to the company said.
Grindr also hired a cyber forensic firm and a third-party auditor at CFIUS’s behest to report on its compliance and to make sure the data was secure, the source said.
Kunlun started to operationally separate Grindr as well, making Grindr Beijing a different legal entity, transferring some Chinese employees from Kunlun to Grindr, and finding separate office space for Grindr in Beijing, former employees said.
Reuters could not determine what triggered CFIUS’ initial concerns about the Grindr deal, or whether Kunlun’s steps were directly aimed at allaying the panel’s fears.
By February, Kunlun had decided to shut down Grindr’s Beijing office, parting ways with some of the roughly two dozen employees there, two former employees said.
It told them the decision was taken because of policy reasons and concerns about data privacy, they said.
In March, Reuters first reported that CFIUS had asked Kunlun to divest Grindr.
Behind the scenes, the source close to the company said, Kunlun kept trying to salvage the Grindr deal until as recently as last week, when it said it would sell it by June next year.