San Francisco: US-based anonymous social media platform Yik Yak, which allows users to read messages from others nearby, is said to have left the precise locations of at least two million users exposed.
Computer science student David Teather discovered last month that a flaw in the iPhone app allowed attackers to obtain both the precise location of posts and the unique identifiers of users.
“I was able to access precise GPS coordinates (accurate to 10-15 feet) of all posts and comments on the Yik Yak platform, which leaves at least 2 million users at risk. This number is likely higher because this user count is six months old,” he wrote in a blog post.
“I disclosed what I found to the Yik Yak team on April 11, 2022. Almost a month later, on May 8, 2022 (1 day before the public disclosure date), they responded by removing the user ID returned for posts and comments. This is not enough to protect privacy,” he added.
Yik Yak is a pseudonymous messaging forum where users can view posts within a 5-mile radius. Each user has an emoji and a color to distinguish individuals; these can be reset if the user wishes.
This feature allows conversation chains to continue in comment sections where users can interact.
Each post has a location associated with it by design, and when viewing a post, the app displays how far away it is from you.
The app, which originally launched in 2013 but was shut down due to its reputation for cyberbullying and harassment, was relaunched last year. It is now marketed to people aged seventeen and over.