People invested $1.2 million in an app that had no security

Proving that no one learned from Snapchat's security and privacy spectacle, people invested $1.2 million on an app that had no security. Despite the news it was hacked, Yo still isn't coming clean.
Written by Violet Blue, Contributor
yo app hacked

Proving that no one learned from Snapchat's security and privacy spectacle, people invested $1.2 million in an app that had essentially no security.

Despite the news it was hacked only days after its media fanfare, Yo still isn't coming clean.

Last week free Android and iOS app "Yo" was top in Google Play and iTunes downloads and hot in tech press, with much fanfare focusing on its pointlessness, popularity and sizable cash backing. 

By Friday night the app had been hacked five ways until Sunday (literally).

After Friday night's report Yo had been hacked and people were sending "Yos" as Elon Musk (among other things), Yo founder Or Arbel told TechCrunch that Yo was “having security issues.”

On Saturday Arbel wrote in a Medium post, "We were lucky enough to get hacked at an early stage and the issue has been fixed."

If you haven’t used the FIND FRIENDS feature, the only piece of information that was leaked was your Yo username.

The optional feature of FIND FRIENDS uses your phone number to let you know who of your friends are using Yo. I want to make it clear that your contacts (from your phone’s address book) are never stored in the database, and were never leaked because we simply don’t store them.

But that's not exactly true.

In terms of safeguarding user information, Yo left the baby in the shopping cart at the grocery store during a zombie outbreak of Pedobears.

Yo's response was less than adequate.

Perhaps I'm being unfair -- I've been accused of this in the past. Though I'll argue that it takes a village to abandon a baby. TechCrunch looked much deeper than my superficial pass from the start, introducing Yo as "the hottest new app" and "the beginning of a new era."

In fact, TechCrunch went colon-deep to promote Yo, philosophizing that "Yo’s digital dualism play is far more understated, but perhaps more universal." 

It was a stellar write-up, whatever it meant. And I'll concede that under the weight of such praise, I'll bet it's easy to space out on the whole "user security" part of your job.

It's tempting to congratulate Silicon Valley for producing another Snapchat -- a venture capital vehicle much like a bus, under which users are thrown. While a new CSIS report estimates that the global cost of hacking and cybercrime is $445 billion annually, the people with the most power, money and influence are practically giving away their user databases to anyone who tries the front door just to see if it's unlocked.

Some might argue that dumb users get what they deserve; that the 500K people who signed up for Yo are equally as stupid as -- well, anyone who had a hand in delivering this data theft honeypot to the public. But that wouldn't be correct. You can't accuse people of stupidity when they've been deceived.

By signing up for Yo though the Play Store and iTunes, each of Yo's users had a reasonable expectation of some vetting, of a baseline security.

Go down the failure and deception chain any way you like with this one, but make sure you pack a sandwich because you'll be lost in that funhouse of #fail for a while.

"[Success] is not about the technology, it's about the execution."

-Yo investor Moshe Hogeg

If Yo is an example of typical Silicon Valley business practices, then we're in a lot of trouble.

Editorial standards