Data-leaking Freedom Chat app vulnerabilities addressed

Freedom Chat, a private social messaging app, has patched two security flaws discovered by security researcher Eric Daigle to expose users' phone numbers and PIN codes, TechCrunch reports. Nearly 2,000 users who had signed up for Freedom Chat since its launch in June could have had their numbers enumerated using the first vulnerability, according to Daigle, who noted the issue's similarity with a WhatsApp vulnerability that allowed the scraping of almost 3.5 billion user accounts. Another issue allowed the broadcasting of users' PINs to the default Freedom Chat channel, where they are automatically subscribed following sign-ups. Aside from unveiling a new version of the app, Freedom Chat has also implemented PIN resets, removed visible phone numbers, and bolstered rate-limiting on servers. "No messages were ever at risk, and because Freedom Chat does not support linked devices, your conversations were never accessible; however, we've reset all user PINs to ensure your account stays secure. Your privacy remains our top priority," said Freedom Chat in an app store update.