After Friday night's report Yo had been hacked and people were sending "Yos" as Elon Musk (among other things), Yo founder Or Arbel told TechCrunch that Yo was “having security issues.”
On Saturday Arbel wrote in a Medium post, "We were lucky enough to get hacked at an early stage and the issue has been fixed."
If you haven’t used the FIND FRIENDS feature, the only piece of information that was leaked was your Yo username.
The optional feature of FIND FRIENDS uses your phone number to let you know who of your friends are using Yo. I want to make it clear that your contacts (from your phone’s address book) are never stored in the database, and were never leaked because we simply don’t store them.
Perhaps I'm being unfair -- I've been accused of this in the past. Though I'll argue that it takes a village to abandon a baby. TechCrunch looked much deeper than my superficial pass from the start, introducing Yo as "the hottest new app" and "the beginning of a new era."
In fact, TechCrunch went colon-deep to promote Yo, philosophizing that "Yo’s digital dualism play is far more understated, but perhaps more universal."
It was a stellar write-up, whatever it meant. And I'll concede that under the weight of such praise, I'll bet it's easy to space out on the whole "user security" part of your job.
The Yo devs did absolutely nothing to try and prevent this from happening. It’s only a matter of time before someone malicious discovers.
It's tempting to congratulate Silicon Valley for producing another Snapchat -- a venture capital vehicle much like a bus, under which users are thrown. While a new CSIS report estimates that the global cost of hacking and cybercrime is $445 billion annually, the people with the most power, money and influence are practically giving away their user databases to anyone who tries the front door just to see if it's unlocked.
Some might argue that dumb users get what they deserve; that the 500K people who signed up for Yo are equally as stupid as -- well, anyone who had a hand in delivering this data theft honeypot to the public. But that wouldn't be correct. You can't accuse people of stupidity when they've been deceived.
By signing up for Yo though the Play Store and iTunes, each of Yo's users had a reasonable expectation of some vetting, of a baseline security.
Go down the failure and deception chain any way you like with this one, but make sure you pack a sandwich because you'll be lost in that funhouse of #fail for a while.
"[Success] is not about the technology, it's about the execution."