The US-based anonymous social media platform Yik Yak, which allows users to read messages from others in close proximity, reportedly exposed the precise locations of at least two million users.
David Teather, a computer science student, discovered last month that the iPhone app's vulnerability allowed attackers to obtain both the precise location of posts and the unique IDs of users.
“I was able to access the precise GPS coordinates (accurate to within 10-15ft) of all posts and comments on the Yik Yak platform, this leaves at least 2 million users at risk. This number is likely higher, as this user count is six months old,” he said in a blog post.
On April 11, 2022, he said he had informed the Yik Yak team of the discovery. “On May 8, 2022, one day prior to the date of public disclosure, they responded by removing the user id being returned for posts and comments, but this is insufficient to protect privacy “he added.
Yik Yak is an anonymous message board
Yik Yak is an anonymous message board that allows users to view posts within a 5-mile radius. Each user is distinguished by an emoji and colour, which can be reset at the user's discretion.
This feature enables conversation chains to continue in user-interactive comment sections.
Each post is designed to have a location associated with it, and when viewing a post, the app displays the distance between you and the poster.
The app, which had been discontinued in 2013 due to its reputation for cyber-bullying and harassment, was relaunched the last year. It is now marketed to individuals over the age of seventeen.