Japan-based bajji, the company that sells the mental health app Feelyou, has issued an urgent security fix after a researcher discovered a serious flaw exposing user data.
Described as the first journaling app combining social mood tracking while contributing to sustainability, Feelyou enables people with mental issues to anonymously share their moods. It basically acts as a shoulder to rest on when you’re feeling down.
The Feelyou community is not vast, but it’s not small either, with around 77,000 users in 177 countries.
“There is a person somewhere in the world who feels the same way,” reads the app’s marketing.
All seemed well until a researcher discovered a grave flaw in the app. As reported by the Daily Dot, maia arson crimew found that anyone could obtain users’ personal email addresses and link them to ”anonymous” posts by accessing the app’s GraphQL API, which did not require authentication.
Users’ post history and profile information were also accessible, according to the news outlet.
bajji founder Noritaka Kobayashi confirmed the researcher’s findings, saying the security issue had been present since at least January 25.
After being informed of the issue, Kobayashi immediately called a board meeting to address the vulnerability and reportedly patched the flaw over the weekend.
Kobayashi insisted that no evidence of an attack was found, and stressed that the app did not collect personal information such as names, addresses, birth dates, genders, phone numbers, country, or credit card data.