Fertility Tracking App Glow Fixes Bug Exposing Users’ Personal Data

A bug in the fertility tracking app Glow’s online forum has led to the exposure of personal data belonging to approximately 25 million users. The bug, which was discovered by security researcher Ovi Liber, allowed access to users’ first and last names, self-reported age groups, location, unique user identifier, and any user-uploaded images. The bug was found leaking data from Glow’s developer API, which was accessible to anyone, not just developers. Liber reported the bug to Glow in October, and it was fixed about a week later.

Key Takeaway

The bug in Glow’s online forum exposed personal data of around 25 million users, raising concerns about the app’s data security and privacy measures.

Security Vulnerability

Liber found that the vulnerability affected all 25 million users of Glow. He mentioned that accessing the data was relatively easy, which highlights the seriousness of the security flaw. Glow’s API, which should have been restricted to developers, was in fact a public endpoint, allowing unauthorized access to user data.

Response and Impact

While an unnamed Glow representative confirmed that the bug has been fixed, the company declined to discuss the bug and its impact on the record or provide the representative’s name. This lack of transparency raises concerns about the potential impact on users and their data privacy.

Expert Opinion

Eva Galperin, the cybersecurity director at the Electronic Frontier Foundation, emphasized the significance of the data leak, stating that Glow users might reconsider their use of the app if they were aware of the exposed data. This incident raises questions about the security and privacy measures in place to protect users’ sensitive information.

Previous Incidents

This is not the first time Glow has faced privacy and security issues. In 2016, Consumer Reports found that users’ data and comments about their personal lives were accessible due to a privacy loophole. Additionally, in 2020, Glow agreed to pay a fine of $250,000 following an investigation by California’s Attorney General, which accused the company of failing to adequately safeguard users’ health information and allowing access to user information without their consent.
