#Fail: Feelyou Exposes 70k Personal Emails
From the #Fail department comes the story of Feelyou, an anonymous mental health app that exposed roughly 70,000 users' email addresses because its GraphQL API required no authentication at all: anyone who could reach the endpoint could query user records, email address included, with no login and no token.
That truly is a #Fail.
The vulnerability, discovered by security researcher Maia Arson Crimew, was patched over the weekend, which is cold comfort if you use this app: an unauthenticated endpoint is open to everyone for as long as it is up, and anyone who noticed it before the fix could have pulled the same data. The lesson is not exotic. Every resolver that returns account data has to check who is asking, and an app that sells itself as anonymous has even more reason to keep the one identifying field it stores, the email address, off every response that is not the user's own.
Yariv Shivek, VP of Product at Neosec, had this comment:
“Healthcare APIs carry sensitive data and therefore must be secure. However, without proper automated controls – such as API monitoring – it’s hard to know when you’re providing sensitive information without correct authentication.”
This is embarrassing for the makers of the app, and hopefully they use the opportunity to make sure that every query touching personal data checks authentication and authorization, not just the one that was reported.
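The failure described above, as an added example that is not Feelyou's code and not from the original post: a resolver in the shape GraphQL servers call them (context, args), first as it leaks and then hardened with an authentication check and field-level authorization, plus a log check of the kind of API monitoring the quoted comment refers to. The user table, the field names, the log format and the log lines are all constructed for illustration; nothing here is taken from the real app or the real incident.

```python
from __future__ import annotations

import re


class AuthError(Exception):
    """Raised when a request reaches a resolver without an authenticated viewer."""


# Constructed sample user table. An "anonymous" app still keeps a login
# identity per account; that stored email is the field that must not leak.
USERS = [
    {"id": "u1", "handle": "quietfox", "email": "alice@example.com"},
    {"id": "u2", "handle": "nightowl", "email": "bob@example.net"},
    {"id": "u3", "handle": "bluejay", "email": "carol@example.org"},
]


def resolve_users_vulnerable(context: dict, args: dict) -> list[dict]:
    """The leaking pattern: nothing in `context` is checked, and the
    resolver returns the stored record as-is, email included, to anyone
    who can reach the endpoint."""
    return [dict(u) for u in USERS]


def resolve_users_hardened(context: dict, args: dict) -> list[dict]:
    """Two controls the vulnerable resolver lacks:
    1. authentication: the request must carry an authenticated viewer id;
    2. field-level authorization: the email field is only returned on the
       viewer's own record, never on other users' records."""
    viewer = context.get("viewer")
    if viewer is None:
        raise AuthError("authentication required")
    result = []
    for u in USERS:
        record = {"id": u["id"], "handle": u["handle"]}
        if u["id"] == viewer:
            record["email"] = u["email"]
        result.append(record)
    return result


def emails_in(records: list[dict]) -> set[str]:
    """Every email address present in a resolver response."""
    return {r["email"] for r in records if "email" in r}


def denies_anonymous(resolver) -> bool:
    """True if the resolver refuses a request with no authenticated viewer."""
    try:
        resolver({}, {})
    except AuthError:
        return True
    return False


# --- the monitoring side: spot the leak in API logs ---------------------
# Constructed log format (hypothetical, not any vendor's):
#   <method> <path> auth=<yes|no> status=<code> body=<json>
EMAIL_RE = re.compile(r"[^@\s\"']+@[^@\s\"']+\.[^@\s\"']+")


def flag_unauthenticated_pii(log_lines: list[str]) -> list[str]:
    """Return the log lines where an unauthenticated request was answered
    successfully with a body containing an email address. A single hit is
    an incident: the API is serving PII without authentication."""
    flagged = []
    for line in log_lines:
        if " auth=no " not in line or " status=200 " not in line:
            continue
        body = line.split("body=", 1)[1] if "body=" in line else ""
        if EMAIL_RE.search(body):
            flagged.append(line)
    return flagged


SAMPLE_LOG = [  # constructed log lines
    'POST /graphql auth=no status=200 body={"data":{"users":[{"id":"u1","email":"alice@example.com"}]}}',
    'POST /graphql auth=yes status=200 body={"data":{"me":{"id":"u2","email":"bob@example.net"}}}',
    'POST /graphql auth=no status=401 body={"errors":[{"message":"authentication required"}]}',
]


if __name__ == "__main__":
    anon = {}
    print("vulnerable, no auth:", sorted(emails_in(resolve_users_vulnerable(anon, {}))))
    try:
        resolve_users_hardened(anon, {})
    except AuthError as e:
        print("hardened, no auth:", e)
    print("hardened, as u2:", resolve_users_hardened({"viewer": "u2"}, {}))
    print("flagged log lines:", len(flag_unauthenticated_pii(SAMPLE_LOG)))
```

Running it prints the three addresses the vulnerable resolver hands to an anonymous caller, the refusal from the hardened one, and the single flagged log line. The monitoring check is deliberately crude (a regex over response bodies); in practice it would run on an API gateway or proxy that already knows whether a session was authenticated, but the rule is the same: a 200 with PII in the body to a request with no credential is a finding, not noise.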
This entry was posted on July 19, 2022 at 12:00 pm and is filed under Commentary with tags Privacy.