San Francisco: US-based anonymous social media platform Yik Yak, which allows users to read messages from others in proximity, has reportedly left at least two million users’ precise locations exposed.
David Teather, a computer science student, last month, found that the iPhone app’s flaw let attackers obtain both the precise location for posts and users’ unique IDs.
“I was able to access the precise GPS coordinates (accurate to within 10-15ft) of all posts and comments on the Yik Yak platform, this leaves at least 2 million users at risk. This number is likely higher, as this user count is six months old,” he wrote in a blog post.
“I disclosed what I found to the Yik Yak team on April 11, 2022. Almost a month later on May 8, 2022 (1 day before the public disclosure date), they responded by removing the user id being returned for posts and comments however this is not enough to protect privacy,” he added.
Yik Yak is a pseudonymous messaging board, where users can see posts within a radius of 5 miles. Each user has an emoji and colour to distinguish individuals, these can be reset if the user chooses.
This feature allows conversation chains to continue in comment sections where users can interact.
Each post has a location associated with it by design, and when viewing a post the app displays how far away they are from you.
The app, which was initially launched in 2013, was shut down due to its failure over cyber-bullying and harassment reputation, was relaunched last year. It is now marketed toward people ages seventeen and older.