I haven’t heard of #Giggle before but apparently they not only had a pretty bad vulnerability allowing anybody to query information of all accounts, they also made some rather questionable privacy choices. https://research.digitalinterruption.com/2020/09/10/giggle-laughable-security/
So they would keep the selfie meant only for verification, store the user’s geographic coordinates and keep account data after deletion. But that’s not what makes this case notable. Problematic vulnerability disclosures aren’t uncommon, but #Giggle managed to stand out here.
So today she proceeded by once again attacking the researchers and criticizing journalists who were asking her about the security vulnerability, restating that it didn't exist.
Update: today #Giggle’s @email@example.com published a new statement. It’s a good first step, though for my taste it’s a bit thin on reflection of her own role in this mess. What’s still missing however is some statement on the privacy issues. Will these be fixed as well eventually?
A Mastodon instance for info/cyber security-minded people.