Mental health application Feelyou has been impacted by the security vulnerability that resulted in the exposure of email addresses of 77,967 users across 177 countries, reports The Record
, a news site by cybersecurity firm Recorded Future.
The flaw was identified by security researcher maia arson crimew after reverse engineering other mental health apps, with the email address exposure stemming from lacking authentication in the app's GraphQL application programming interface
On the other hand, Feelyou, which was first notified regarding the vulnerability by The Daily Dot, which initially reported crimew's findings, said that it had already resolved the issue.
"We have also confirmed through our investigation that there was no other impact other than email addresses. Feelyou does NOT store the following information in the application: Names, addresses, telephone numbers, passwords, credit card information, and information that identifies individuals," said Feelyou.
Meanwhile, crimew emphasized that many other security issues may be lurking in mental health apps.
"There are certainly much more of these apps with security issues just waiting to be found, and as always under capitalism its definitely obvious that privacy and security are more a secondary goal and selling subscriptions is usually much more central," crimew said.