A security researcher recently discovered that a bug in the online forum of the fertility tracking app Glow exposed the personal data of approximately 25 million users.
The exposed data included users' first and last names, self-reported age groups, location, unique user identifier within the Glow platform, and any uploaded images, such as profile photos.
Security researcher Ovi Liber identified the leak in Glow's developer API and reported it to the company in October. Glow addressed the issue promptly, approximately a week later.
Typically, APIs are restricted to authorized users, but Glow's API was accessible to anyone, according to Liber.
Glow confirmed that the bug is fixed but declined to provide further details on the incident. This lack of transparency raises concerns among users and cybersecurity experts alike.
Eva Galperin, cybersecurity director at the Electronic Frontier Foundation, emphasized the significance of such data exposure, suggesting that it could prompt users to reconsider their usage of Glow.
Glow, established in 2013, markets itself as a comprehensive period tracker and fertility app. However, this isn't the first time the company has faced privacy-related issues. In 2016, a privacy loophole allowed access to sensitive user data, and in 2020, Glow was fined $250,000 for failing to safeguard users' health information adequately.
This latest incident underscores the importance of robust data protection measures, especially for apps handling sensitive personal information like fertility and health data.