The US-based anonymous social media platform Yik Yakwhich allows users to read messages from others nearby, reportedly revealed the precise locations of at least two million users.
Computer science student David Teather discovered last month that the vulnerability in the iPhone app allowed attackers to obtain both the precise location of messages and the unique identifiers of users.
“I was able to access precise GPS coordinates (accurate to 10-15 feet) of all posts and comments on the Yik Yak platform, which leaves at least 2 million users at risk. This number is likely more high, because this number of users is six months old,” he said in a blog post.
On April 11, 2022, he said he informed Yik Yak’s team of the discovery. “On May 8, 2022, a day before the public disclosure date, they responded by removing the returned user ID for posts and comments, but this is insufficient to protect privacy,” he said. added.
Yik Yak is an anonymous messager
Yik Yak is an anonymous message board that allows users to view posts in a radius of 5 miles. Each user is distinguished by an emoji and color, which can be reset at the user’s discretion.
This feature allows conversation chains to continue in interactive user comment sections.
Each post is designed to be associated with a location, and when viewing a post, the app displays the distance between you and the poster.
The app, which was abandoned in 2013 due to its reputation for cyberbullying and harassment, was relaunched last year. It is now marketed to people over the age of seventeen.