Mental health app exposed emails of 78,000 users in massive data leak

Mental health application Feelyou recently patched an issue that saw the email addresses of its nearly 80,000 users exposed online.

Owned by the Japan-based company bajji, Feelyou is self-described as the first journaling and social mood tracking app. It allows users to share their feelings with others either publicly or anonymously. It’s tagline is, “It’s O.K. not to be O.K.”

The app allows you to track your mood and include notes on it, which others can respond to. It says the community it fosters can help improve both people’s moods and the environment.

Up until last week, however, anyone could obtain the personal email addresses of users and link them to anonymous posts by simply accessing the app’s GraphQL application programming interface (API), which did not require any authentication to do so.

The vulnerability was affected the app’s 77,967 users in 177 countries.

In the same time, the building materials giant Knauf reported it has been the victim of a hacker attack that has impacted its business operations, forcing its global IT team to shut down all IT networks to isolate the cyber security incident.