Consumer Reports recently tested the security and privacy features on a popular women’s health and fertility app called Glow. It’s designed to help women track their monthly cycles and get pregnant.
The app asks for very personal information, like how you slept, whether you use birth control and even if you’re constipated.
Consumer Reports discovered that people with little to no hacking skills could link their Glow account to another user’s account without the other person knowing it. Also, using common security software, Consumer Reports could see the personal data of any user who posted a message in the app’s forums.
In another test, Consumer Reports found it was fairly easy to change a user’s password and take over their account.
In response, Glow has since fixed these security issues and says "there is no evidence to suggest that any Glow data has been compromised.”
Glow says it has contacted all users to change their password, update the app and relink with their partner’s account.
Glow issued the following statement in regards to the Consumer Reports test:
“We appreciate Consumer Reports bringing to our attention some possible vulnerabilities within our app. The industry only gets stronger with white hats who are looking to protect consumers. Once informed, our team immediately worked to address and correct the potential issues and have since released an updated version of the app. We also informed users via email to consider changing their password as an extra precaution. Of the more than 4 million users across our apps, far less than 0.15% of our users could have potentially been impacted, but there is no evidence to suggest that any Glow data has been compromised.” -- Jennifer Tye, Glow's Head of US Operations