Recent reports disclosed details about a data breach incident in a renowned mental health application called Feelyou. The incident, as reported, had exposed about 78,000 users of the app to the public, causing security concerns.
The researchers that discovered the security breach said that the issue was found during a reverse engineering procedure on various mental health tracking applications, including Feelyou. The app’s owner was immediately contacted upon learning of the incident, which they said had already been patched last July 16.
Before the issue was fixed, the email addresses of the affected Feelyou users were exposed publicly. The app’s developers also added that they had been only made aware of the issue when security researchers had reached out to them. As also claimed, no other unauthorised entity besides the security researchers had accessed the exposed information.
Aside from the exposed email addresses of the mental health app’s users, its developers cleared that no other sensitive details were included in the compromise.
The app strictly contains other identifiable information of users, like their names, phone numbers, and passwords, as claimed by its owners; hence no other details are included in the compromise.
On the other hand, security researchers stressed that application developers must also prioritise their users’ cybersecurity aside from only focusing on selling their services. There are also concerns about mental health apps being questionable about leveraging people’s mental conditions and allegedly profiting off them.
Mozilla had a study last May concerning the privacy features of several mental health applications available on the market, which revealed that almost all of them have critical security issues and had failed to meet minimum security standards.
Based on the study, these apps in question also allow weak passwords from their users, target them with personalised ads, and establish vague privacy policies – all while collecting their users’ sensitive mental situations.
Thus, all application owners must be aware of the environment they offer to their clients, especially their cybersecurity, as these people entrust them with numerous sensitive information, and it is only right to protect them from all forms of compromise.
