Yik Yak, the anonymous social platform that lets people converse with others nearby, has leaked the precise location of its users.
This was spotted by a student and verified by a researcher later, where it’s found that Yik Yak lets creeps find the location of targeted people with a simple proxy tool. It’s unknown whether the platform has patched this or not, although it released three updates in the last two weeks.
Yik Yak Leaking Location Data
Yik Yak, the once-popular platform for reading and conversing with anonymous chats in nearby locations, has rejuvenated in 2021 with new rules to avoid past mistakes. These include the removal of anonymity, cyberbullying, and an unsuccessful business model.
While it’s expected to perform well, the new version of the platform has exposed the precise location data of its users! This was found by a computer science student named David Teather, who shared his findings with Motherboard.
In the report, Yik Yak was said to have a flaw that let anyone obtain both the precise location for posts (within 10 to 15 feet) and users’ unique IDs. Matching up these two would let you spot a person’s location and track his moments.
David Teather used a proxy tool to make YikYak send both the precise GPS position and user ID with every message to him. In contrast, other general users only see vague distances and city identifiers. His findings were later verified by an independent researcher, so it’s confirmed to pose a serious risk.
While it’s unknown whether anyone has exploited this flaw or not, it’s safe to assume that Yik Yak users are exposed. The platform developer has released three updates between April 28th and May 10th, but it’s unknown if this flaw has been patched or not.