Moreover, it looks as though the Pregnancy Glow community forums somehow comprised personal data like users’ names, email addresses, locations, birthdays, and other health details entered into the app. The Consumer Reports team said that this data was easy to uncover using a free, downloadable security testing app, and was then parsed using an online calculator.
As Consumer Reports noted, “The problem with this is that Glow made it a little too easy to connect accounts: a malicious user could add him- or herself to an account without the woman granting them permission to do so, and have access to some very personal data without her even knowing.”
Following TechCrunch’s initial report of these security flaws, Glow investor and executive chairman Max Levchin took to Twitter to ensure nervous parties that the Glow team had “corrected the potential issues,” and further insisted that there was “no evidence to suggest that any @GlowHQ data was compromised.” The Glow team further noted that it had contacted all its users to reset their password, update the app, and re-link the app with their partner’s account.
That said, some might be concerned that Glow was reacting to these reports, rather than proactively looking for potential vulnerabilities themselves.
“We were troubled by the nature and depth of the security problems we discovered,” said Maria Rerecich, Consumer Reports’ director of electronics testing, who oversaw the analysis. “But we were pleased to see how quickly Glow responded to our concerns.”
Source: Digital Trends
No comments:
Post a Comment