By Darren Pauli, 22 Sep 2014
Popular fitness app MyFitnessPal, used by 65 million people, has fixed a vulnerability that exposed personal information including date of birth records.
The profiles allowed users to fill out their private location data including country, state, and city but not street-level addresses for the purposes of linking neighbours.
However, that information could be viewed by anybody, according to security researcher Randy Westergren, due to a direct object reference vulnerability.
"Using Fiddler proxy, I started monitoring my own interactions within the Android App, capturing the requests made to the undocumented MyFitnessPal API," Westergrensaid.
The Register/ full article here/ http://www.theregister.co.uk/2014/09/22/exercise_tracking_app_not_quite_fit_for_purpose/
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.