You might think that an app that doesn’t require any of its users’ personal information would be left alone by hackers.
You’d be wrong.
You might be wondering why a group of hackers would bother messing with an app that requires no personal information – no e-mail address, Facebook account info, or even full name – from its users. To expose a security vulnerability? For the sheer sport of it?
Turns out, there is personal information to be stolen from Yo’s users. If a user opted in to the “Find Friends” feature, that left the user’s phone number vulnerable. The Georgia Tech hackers posted these phone numbers and the user names they’re associated with at the Yo Hack website.
Yo’s Surprising Reaction
In the aftermath of these sorts of hacks, there’s a fairly common routine. The hacked company apologizes and vows to fix the issue and improve its security more generally. Months later, someone checks on the supposed improvements and discovers the company is still vulnerable.
Yo’s founder and developer, Or Arbel, is mostly following the script, offering an apology that hits the right notes of humility…
Yo started as a weekend project and exploded a little too soon… We were just finishing up rewriting the infrastructure in a proper and secure way, as suitable for production grade apps, when it suddenly blew up and went viral.
Yo is a simple app – your privacy isn’t. We take your privacy very seriously, we apologize from the bottom of our hearts.
…and an eagerness to learn. In fact, the title of this apology letter is “We were lucky enough to get hacked”.
And if we’re inclined to take this apology more seriously than usual, it’s probably because Arbel got in touch with the hackers, and hired one of them. While this gesture may open the company up to a whole slew of hackers who attack it in the hopes of getting employed, it strikes us as a sincere gesture nonetheless.
In the meantime, we advise against giving new and untested apps too much of your personal information. This was a mild hack, but the next one could be far worse.