"Anonymous Mental Health App Feelyou Accidentally Exposed 70,000 Personal Emails"

Mental health app Feelyou patched a vulnerability recently that saw the email addresses of its nearly 80,000 users exposed online.  Owned by the Japan-based company Bajji, Feelyou is self-described as the first journaling and social mood tracking app.  It allows users to share their feelings with others either publicly or anonymously.  Up until last week, anyone could obtain the personal email addresses of users and link them to anonymous posts by simply accessing the app's GraphQL application programming interface (API), which did not require any authentication to do so.  The issue was discovered by security researcher Maia Arson Crimew and affected the app's 77,967 users in 177 countries.  Bajji's founder Noritaka Kobayashi stated that the security issue had been present since at least Jan. 25 but asserted that there is no evidence of an attack.  Kobayashi noted that the app did not collect personal information such as names, addresses, birth dates, genders, phone numbers, country of origin, or credit card data.  After checking the API once again, Maia confirmed that the data was no longer accessible.  The company also said it intends to reach out to users to inform them of the issue.

Daily Dot reports: "Anonymous Mental Health App Feelyou Accidentally Exposed 70,000 Personal Emails"