Experts On “Giggle” user community exposes womens’ images, location data, and more – ignored vuln. warnings, uses flawed verification

By   ISBuzz Team
Writer , Information Security Buzz | Sep 11, 2020 02:32 am PST

The new vulnerability report Giggle; laughable security from Digital Interruption reveals that the Giggle user community’s founders ignored warnings of a serious vulnerability that exposed women and teens’ location and other data, exposing them to sharp risk. The report also details the Giggle team’s failure to delete user data when accounts are deleted; and flawed and questionable user verification processes.

Subscribe
Notify of
guest
1 Expert Comment
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
Chloé Messdaghi
Chloé Messdaghi , VP of Strategy
September 11, 2020 10:35 am

This is an example of why every company should have a vulnerability disclosure program. We see too many cases when the hacking community draws attention to a major gap in security, only to have an organization ignore the warnings and even target well-intentioned hackers with threats. The statement by the Giggles team that they don’t need a vulnerability program because they have a security team is ludicrous on its face. It’s like saying: I have a family doctor, so I don’t need a specialist.

Also especially troubling are reports of its user verification and data retention policies. According to reports, the Giggles app geared towards teens and women actually puts its user populations at risk through its data retention policies because it gathers the kind of location information that stalkers and cyber attackers leverage to abuse victims. It’s reported the Giggles app retains that data even when users leave the community and delete the app, and the Giggles team actually misleads users and former users that their data is purged when a user quits the community.

Moreover, the Giggles verification process “validates” gender through a facial recognition process that can potentially exclude many women including the trans community, gating membership solely to those who fit stereotypical and outdated notions about appearance… and designating who\’s a woman and discriminating based on appearances, leading many of us to wonder about fundamental problems beyond Giggles’ obvious and reported cybersecurity flaws.

Last edited 3 years ago by Chloé Messdaghi

Recent Posts

1
0
Would love your thoughts, please comment.x
()
x