Yo founder: we were lucky to get hacked (and everything is fixed now)
By Mary Beth Quirk From Consumerist
The makers of one-word messaging app Yo are sounding the all-clear after reports last week that the app could easily be hacked, leaving users’ phone numbers at risk. But also? That whole thing was a good thing, the founder explains.
The app only launched and hit that point of saturation where everyone is yakking about something for at least 48 hours straight recently, so the news that it’d been hacked spread quickly. And it was all for the best, founder Or Arbel wrote on Medium on Saturday (via the WSJ blog Digits). By June 22, it had 1 million users.
“We were lucky enough to get hacked at an early stage and the issue has been fixed,” he explained, because the whole thing shows how Yo is super simple and there’s basically nothing to be hacked, anyway.
“When you join it doesn’t ask you for your email, full name, Facebook account, or any other piece of personal information. The only identity within the Yo app is your username,” he adds.
The one exception — if users opt in to the “find friends” feature, which uses phone numbers to connect you to your real life pals.
So if you don’t use that feature, your username was the only thing that was compromised, he says. And your list of contacts is also safe, because those aren’t saved or stored by Yo.
But if you have used that feature — “your phone number was exposed together with your Yo username (again, not with your full name, not with your email, only a Yo username and a phone number).”
There’s also some more information about what exactly happened, with Arbel outlining the timeline of last week’s hack: He got a text message asking if he was the founder of Yo, to which he replied yes to — even though it was an unknown number. Red flag, it would seem. That triggered a blast of Yos and an alert saying “YoBeenHacked” in his app.
“We logged on to our back-end and immediately started investigating. Our initial findings were on the spoofed Yos and showing the custom alert,” Arbel writes. “We instantly closed these holes, but there was another issue to follow.”
Then he actually called the number from the texter and spoke to the hacker and had a productive conversation with emailed details of the attack.
Georgia Tech Students had claimed last week to have hacked Yo, not to do harm but to simply show that it could be done.
Yo and the hackers worked things out eventually, resolving the issue on Friday and verifying with the hackers that everything was righty tighty.
“One of them is actually now working with us on improving Yo experience in other aspects as well,” he adds.
He admits that things might’ve gone a bit too fast in the early stages, but heck, don’t we all move too fast, too soon in life? Tell it like it is.
“Yo started as a weekend project and exploded a little too soon,” he confesses. “We were just finishing up re-writing the infrastructure in a proper and secure way, as suitable for production grade apps, when it suddenly blew up and went viral.”
So annoying when you go viral too soon. So annoying.
Anyway, Arbel is really sorry this had to happen.
“We take your privacy very seriously, we apologize from the bottom of our hearts, and if you have any more questions regarding these issues you can contact me directly: [email protected].”
IMAGE: The symbol for the element Yo-inium?
For more on this story go to: http://consumerist.com/2014/06/23/yo-founder-we-were-lucky-to-get-hacked-and-everything-is-fixed-now/
Related story:
The stupidest $1 million app ever has already been hacked
By Brad Reed From BGR
Who would have thought that the stupidest $1 million app in world history would have shoddy security? Yo, the inexplicably dumb new messaging app that was created in just eight hours and has raised $1 million in funding, has already been hacked by college students at Georgia Tech. As TechCrunch reports, the students figured out how to get any Yo user’s phone number and then use it to spam out an infinite number of “Yo’s” to anyone in their contacts. Basically, the Georgia Tech kids have discovered how to take an app that’s already annoying and make it even more annoying.
But it gets worse — TechCrunch has also spotted another unconfirmed Yo hack that replaces the standard “Yo” sound with Rick Astley’s anti-classic “Never Gonna Give You Up.” This means that Yo can potentially go from being an annoying and stupid messaging app to being a truly Satanic tool for Rickrolling all your friends until they want to murder you.
Yo founder Or Arbel has tells TechCrunch that he and his team are aware of Yo’s security issues and that they’ve fixed some of them and are still working on others. Arbel says that Yo is taking these issues “very seriously,” which it definitely should since it won’t take long for people to delete an app that sends them a non-stop stream of Rick Astley songs all day.
For more on this story go to: http://bgr.com/2014/06/20/yo-app-for-ios-android-hacked/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+TheBoyGeniusReport+%28BGR+%7C+Boy+Genius+Report%29