The Cybernews research team has discovered that the iOS sleep management app Sleep Journey: Insomnia Helper exposed over 25,000 users via a misconfigured Firebase database.
The leaked data revealed names, email addresses, dates of birth, gender, sleeping data, habits such as alcohol and nicotine consumption, before-sleep activities, and medication use.
Here’s why this story matters:
- Leaking sensitive information like sleep patterns, substance use, and medical habits alongside names and emails gives cybercriminals everything they need to launch highly personalized and targeted attacks.
- It’s not just user data — it’s app infrastructure. Secrets like API keys, client IDs, and storage bucket credentials were hardcoded into the iOS app, potentially giving attackers high-level access to backend systems and user devices.
- Cybercriminals could use automated scrapers to harvest sensitive data in real-time — putting user privacy and service integrity at serious risk.
- It’s part of a larger, systemic issue. This breach was uncovered during Cybernews’ investigation into 156,000 iOS apps — revealing that 71% leak at least one secret, showing just how widespread insecure coding practices are.
To read the full research, please click here.
Related
This entry was posted on May 22, 2025 at 9:45 am and is filed under Commentary with tags Cybernews. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
iOS app Sleep Journey: Insomnia Helper exposed over 25,000 users’ data
The Cybernews research team has discovered that the iOS sleep management app Sleep Journey: Insomnia Helper exposed over 25,000 users via a misconfigured Firebase database.
The leaked data revealed names, email addresses, dates of birth, gender, sleeping data, habits such as alcohol and nicotine consumption, before-sleep activities, and medication use.
Here’s why this story matters:
To read the full research, please click here.
Share this:
Like this:
Related
This entry was posted on May 22, 2025 at 9:45 am and is filed under Commentary with tags Cybernews. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.