One researcher has uncovered serious security flaws in a health app, leaving sensitive user data exposed to potential breaches.
According to new findings from Ovie, a hacktivist and security researcher, the „WhatToExpect“ pregnancy app has some serious security problems that could put users at risk. Ovie discovered multiple vulnerabilities, including a major issue with the app’s password reset feature, which lets hackers easily take over user accounts. This is especially concerning for people storing sensitive reproductive health and abortion data in the app.
Ovie found that an exposed API endpoint could let hackers reset passwords without any proper checks, giving them full access to accounts. This is concerning with the current political climate around abortion access in the U.S., where abortion laws have been a huge focus since Roe v. Wade was overturned.
In response to this, companies have recognized the responsibility to protect sensitive health data. Google, for example, has taken steps to limit the collection of location data, especially for visits to clinics that provide abortion services. By disabling location history tracking for such visits, Google is helping to ensure that users‘ data is not misused, particularly in states where reproductive rights are criminalized.
