Controversial bulletin-board app Yik Yak has reportedly fixed a bug that could have let hackers take control of users’ accounts and wreck their anonymity.
The app, popular with college and high-school students, lets users post anonymous messages. The flaw, which was discovered by SilverSky Labs, an organization that specializes in cloud security, makes it possible for hackers to find user IDs, which is all they need to take control of an account.
There’s an easy way to avoid being hacked, though: Just update the Yik Yak app on your phone. SilverSky says it told Yik Yak about the problem on December 2, prompting an update the next day that closed the loophole.
The exploit was discovered by Sanford Moskowitz, a security research intern at SilverSky. Moskowitz wrote that the hack requires an attacker and a target to be on a shared WiFi network — something that happens a lot on college and high-school campuses.
Yik Yak did not respond to a request for comment.
The app has come under fire in the past for letting young people post anonymous, negative messages about their peers. In a November blog post for The Huffington Post, student writer Fernando Hurtado wrote that the app’s format — “anonymous” messages posted publicly according to location — has often served as a conduit for racism, insensitivity and violent threats.
Post a Comment