Glow fertility tracker forum vulnerability leaked entire user base’s data

All users of the Glow fertility tracking app totaling nearly 25 million individuals had their personal data exposed as a result of a vulnerability in the app's online forum, according to TechCrunch. Information leaked by Glow's developer API included individuals' names, self-reported age group, uploaded images, locations, and unique user identifiers, said security researcher Ovi Liber, who noted that the security issue had been resolved by the app a week after reporting the flaw in October. Such a vulnerability was discovered by Liber after user data had been returned by API call after he had connected his Android device with the Burp network analysis tool. Electronic Frontier Foundation Cybersecurity Director Eva Galperin emphasized the importance of Liber's findings. "Even without getting into the question of what is and is not [private identifiable information] under which legal regime, the people who use Glow might seriously reconsider their use if they knew that it leaked this data about them," said Galperin.