TechCrunch reports that popular phone tracking app iSharing had the exact location details of its more than 35 million users exposed due to vulnerabilities that prevented the app's servers from conducting proper checks of user data access.
Aside from location data, users' names, profile photos, email addresses, and phone numbers were also made accessible to anyone due to the flaws, according to University of British Columbia's Eric Daigle, who discovered and reported the security issues.
"Finding the initial flaw in total was probably an hour or so from opening the app, figuring out the form of the requests, and seeing that creating a group on another user and joining it worked," Daigle said.
All of the flaws, which have already been addressed during the past weekend, were noted by iSharing to have stemmed from the app's groups functionality, but iSharing co-founder Yongjae Chuh said that there was no evidence suggesting their earlier discovery or exploitation.
"Our team is currently planning on working with security professionals to add any necessary security measures to make sure every user’s data is protected," Chuh added.