The Daily Dot is reporting that mental health app Feelyou patched a vulnerability this weekend that saw the email addresses for its nearly 80,000 exposed online.
Up until last week…, anyone could obtain the personal email addresses of users and link them to anonymous posts by simply accessing the app’s GraphQL application programming interface (API), which did not require any authentication to do so.
… a malicious actor with access to the API could have scraped all the data en masse.
The issue was discovered by security researcher maia arson crimew and affected the app’s 77,967 users in 177 countries. After checking the API once again, maia confirmed that the data was no longer accessible. The company also said it intends to reach out to users to inform them of the issue.