#Fail: Feelyou Exposes 70k Personal Emails

From the #Fail department comes the story of anonymous mental health app Feelyou, which accidentally exposed 70,000 personal emails by failing to require any authentication to access the app’s GraphQL API.

That truly is a #Fail.

The vulnerability, discovered by security researcher Maia Arson Crimew, was patched over the weekend, which is cold comfort if you use this app.

Yariv Shivek, VP of Product at Neosec, had this comment:

“Healthcare APIs carry sensitive data and therefore must be secure. However, without proper automated controls – such as API monitoring – it’s hard to know when you’re providing sensitive information without correct authentication.”

This is really embarrassing for the makers of this app, and hopefully they take this opportunity to make sure that personal info stays secure.
