Close Menu
TechTost
  • AI
  • Apps
  • Crypto
  • Fintech
  • Hardware
  • Media & Entertainment
  • Security
  • Startups
  • Transportation
  • Venture
  • Recommended Essentials
What's Hot

Uber’s product manager on hotels, robotaxi and why the company doesn’t want to be “everything to everyone”

Hermes agent maker Nous Research is in talks for fresh funding at a $1.5 billion valuation

Already rich, already successful, because the latest wave of tech winners is grinding again

Facebook X (Twitter) Instagram
  • About Us
  • Contact Us
  • Privacy Policy
  • Terms and Conditions
  • Disclaimer
Facebook X (Twitter) Instagram
TechTost
Subscribe Now
  • AI

    Already rich, already successful, because the latest wave of tech winners is grinding again

    14 July 2026

    Should artificial intelligence help you get away with murdering your husband?

    13 July 2026

    Meta enters the crowded AI coding fray with Muse Spark 1.1

    13 July 2026

    Can AI answer the $3 trillion question?

    12 July 2026

    OpenAI shuts down Atlas, but AI browser ambitions keep growing

    12 July 2026
  • Apps

    Waze adds new AI-powered features and customization updates

    14 July 2026

    As TV-watching app TV Time shuts down, its founder creates Bingers, a new home for fans

    13 July 2026

    Elon Musk says X will send DMs when posts you’ve interacted with are fixed

    13 July 2026

    ‘Slow-cial’ Roost app forces you to slow down to the speed of a carrier pigeon

    12 July 2026

    Character.AI is entering the micro-drama arena with its own productions, but there’s a twist

    12 July 2026
  • Crypto

    Venice AI goes unicorn with $65M Series A as first privacy AI platform takes off

    1 July 2026

    Crypto Exchange OKX wants AI agents to hire and pay each other

    30 June 2026

    Startup Battlefield 200 applications close today

    27 May 2026

    5 days left: Save up to $410 on Disrupt 2026 passes

    25 May 2026

    As crypto cools, a16z crypto raises $2.2 billion in capital

    6 May 2026
  • Fintech

    Don’t want to invest in Elon Musk? Two new ETFs expressly exclude him

    10 July 2026

    India’s payments chief believes artificial intelligence will play a big part in the next era of digital payments development

    28 June 2026

    Early Bird pricing ends tonight for the Founder Summit

    26 June 2026

    4 days left to save up to $190 on Founder Summit 2026

    23 June 2026

    Robinhood’s note on 10% layoffs shows that blaming AI doesn’t cut it

    17 June 2026
  • Hardware

    Meta’s new AI chips will begin production in September

    12 July 2026

    This slush machine was a lifesaver during the New York heat wave

    12 July 2026

    Dumb Co dared me to exchange my iPhone for a hacked phone

    11 July 2026

    SK Hynix raises $26.5 billion in largest foreign public IPO in US history, set to build new fabs in US

    11 July 2026

    After Apple, smartphone manufacturing boom in India enters new phase with Vivo JV

    10 July 2026
  • Media & Entertainment

    12 states sue to block $110 billion Paramount deal from Warner Bros

    14 July 2026

    Netflix could be planning “always on” live TV channels.

    11 July 2026

    Netflix is ​​dealing with shorter video content with its new set of publisher deals with Variety and others

    8 July 2026

    Netflix invented binge watching. Now he may be over it.

    7 July 2026

    New Google ad imagines a Declaration of Independence written with the help of artificial intelligence

    4 July 2026
  • Security

    Apple says ex-employee exploited ‘rare’ bug to download confidential files after leaving for OpenAI

    13 July 2026

    US cybersecurity agency CISA had to create the incident guide during the incident, the agency reveals

    11 July 2026

    Florida ransomware dealer convicted of helping ransomware gang extort US companies

    10 July 2026

    Hacktivists call out Trump by hacking and defacing US military websites

    8 July 2026

    Canada’s spy agency says it hacked drug traffickers, extremists and a ransomware gang last year

    6 July 2026
  • Startups

    AI chip maker SambaNova raises $1 billion at $11 billion valuation, 5 months after last mega round

    12 July 2026

    Hot French startup ZML releases free product to speed up inference on multiple AI chips

    12 July 2026

    Former OpenAI executive Kevin Weil is now on Stoke Space’s board

    11 July 2026

    Phia Accused of ‘Cookie Stuffing’, Taking Affiliate Credit for Unearned Purchases

    11 July 2026

    Oratomic raises $300M to build sustainable quantum computer that only needs 20,000 qubits

    10 July 2026
  • Transportation

    Uber’s product manager on hotels, robotaxi and why the company doesn’t want to be “everything to everyone”

    14 July 2026

    SpaceX decided to fly Starship again after the booster failed in May

    13 July 2026

    TechCrunch Mobility: A robotaxi ultimatum

    12 July 2026

    Slate Auto partners with Crayola to paint its EV truck

    10 July 2026

    Autonomous drone delivery startup Manna plans major US expansion

    9 July 2026
  • Venture

    Hermes agent maker Nous Research is in talks for fresh funding at a $1.5 billion valuation

    14 July 2026

    Filed Under: College Fizz App Accuses VC Of Sharing Confidential Startup Info With Rival Sidechat

    11 July 2026

    Charles Hudson shares the common mistakes he’s seen after investing in 500+ startups

    10 July 2026

    Nandan Nilekani steps down as GP at Fundamentum as it launches third $200m fund

    9 July 2026

    What are bending spoons? The little-known owner of AOL and Vimeo who is now public

    5 July 2026
  • Recommended Essentials
TechTost
You are at:Home»Security»The Glow fertility tracker fixes a bug that exposed users’ personal data
Security

The Glow fertility tracker fixes a bug that exposed users’ personal data

techtost.comBy techtost.com13 February 202403 Mins Read
Share Facebook Twitter Pinterest LinkedIn Tumblr Email
The Glow Fertility Tracker Fixes A Bug That Exposed Users'
Share
Facebook Twitter LinkedIn Pinterest Email

A bug in the online forum for fertility tracking app Glow exposed the personal data of about 25 million users, according to a security researcher.

The bug exposed users’ first and last name, self-reported age group (such as children aged 13-18 and adults 19-25 and 26 and over), the user’s self-described location user ID, the application’s unique user ID (within Glow’s software platform), and any images uploaded by users, such as profile pictures.

Security researcher Ovi Liber told TechCrunch that he found a leak of user data from Glow’s developer API. Liber reported the bug to Glow in October and said Glow fixed the leak about a week later.

An API allows two or more internet-connected systems to communicate with each other, such as a user’s application and the application’s back-end servers. APIs may be public, but companies with sensitive data typically limit access to their own employees or trusted third-party developers.

Liber, however, said Glow’s API was accessible to anyone since he is not a developer.

An unnamed Glow spokesperson confirmed to TechCrunch that the bug has been fixed, but Glow declined to discuss the bug and its impact on the file or provide the representative’s name. As such, TechCrunch is not printing Glow’s response.

In a blog post published on Monday, Liber wrote that the vulnerability he found affected all 25 million Glow users. Liber told TechCrunch that accessing the data was relatively easy.

Contact us

Do you have more information about similar flaws in fertility tracking apps? We would love to hear from you. From a non-working device, Lorenzo Franceschi-Bicchierai can be reached securely on Signal at +1 917 257 1382 or via Telegram, Keybase and Wire @lorenzofb or email at lorenzo@techcrunch.com. You can also contact TechCrunch via SecureDrop.

“Basically I was connected to my Android device [network analysis tool] I quickly looked in the forum and saw the API call that returned the user data. That’s where I found IDOR,” Liber said, referring to a type of vulnerability where a server lacks the proper controls to ensure that access is granted only to authorized users or developers. “Where they say it should only be available to developers, [it’s] Not true, it’s a public API endpoint that returns data for each user — the attacker just needs to know how the API call is made.”

While the leaked data may not seem highly sensitive, one digital security expert believes Glow users deserve to know that this information is accessible.

“I think it’s a very big deal,” Eva Galperin, director of cybersecurity at the digital rights nonprofit Electronic Frontier Foundation, told TechCrunch, referring to Liber’s investigation. “Even without entering into the question of what it is and what it is not [private identifiable information] under which legal regime, people who use Glow could seriously reconsider their use if they knew that this data about them had been leaked.”

Glow, released in 2013, describes himself as “the world’s most comprehensive period and fertility tracking app”, which people can use to track their “menstrual cycle, ovulation and fertility signs, all in one place”.

In 2016, Consumer Reports found that data and feedback from Glow users about their sex lives, history of miscarriages, abortions and more was accessible because of a privacy loophole related to how the app allowed couples to link their accounts and share data. in 2020, Glow agreed to pay a $250,000 fine following an investigation by the California Attorney General, who accused the company of failing to “adequately ensure [users’] health information’ and ‘allow access to user information without user consent’.

API bug cyber security data exposed fertility fixes Glow Leakage personal privacy shine tracker Users vulnerabilities vulnerability
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
Previous ArticleFlowFi Takes First Funding to Give Founders Financial Insights
Next Article YC-backed Cambio calls AI bots to negotiate debt, talk to a bank’s customers
bhanuprakash.cg
techtost.com
  • Website

Related Posts

Apple says ex-employee exploited ‘rare’ bug to download confidential files after leaving for OpenAI

13 July 2026

US cybersecurity agency CISA had to create the incident guide during the incident, the agency reveals

11 July 2026

Florida ransomware dealer convicted of helping ransomware gang extort US companies

10 July 2026
Add A Comment

Leave A Reply Cancel Reply

Don't Miss

Uber’s product manager on hotels, robotaxi and why the company doesn’t want to be “everything to everyone”

14 July 2026

Hermes agent maker Nous Research is in talks for fresh funding at a $1.5 billion valuation

14 July 2026

Already rich, already successful, because the latest wave of tech winners is grinding again

14 July 2026
Stay In Touch
  • Facebook
  • YouTube
  • TikTok
  • WhatsApp
  • Twitter
  • Instagram
Fintech

Don’t want to invest in Elon Musk? Two new ETFs expressly exclude him

10 July 2026

India’s payments chief believes artificial intelligence will play a big part in the next era of digital payments development

28 June 2026

Early Bird pricing ends tonight for the Founder Summit

26 June 2026
Startups

AI chip maker SambaNova raises $1 billion at $11 billion valuation, 5 months after last mega round

Hot French startup ZML releases free product to speed up inference on multiple AI chips

Former OpenAI executive Kevin Weil is now on Stoke Space’s board

© 2026 TechTost. All Rights Reserved
  • About Us
  • Contact Us
  • Privacy Policy
  • Terms and Conditions
  • Disclaimer

Type above and press Enter to search. Press Esc to cancel.