Yo, the messaging app that does just one thing, sending a "yo" message to a friend, has been hacked.
We working on the securities issues that came to our attention. We want you to know we take this very seriously.
— Yo (@YoAppStatus) June 20, 2014
The company confirmed to TechCrunch that the app is "having issues" and that they're working with security specialists to resolve them — though they didn't specify which vulnerabilities they had patched and which were still open to exploitation.
It all started this morning when hackers (reportedly a few Georgia Tech students) hacked into the app and gained access to user phone numbers that Yo uses to help you connect with friends. They also learned that despite the app's cute moniker, you can send non "yo" messages using the app.
The startup's reported $1 million in seed funding and enthusiasm from the likes of venture capitalist Marc Andreessen aside, the app demonstrates one of the most troubling issues with fly-by-night tech operations: a complete lack of consideration for security, reports Quartz:
But the security holes could threaten Yo as it starts to take off. [Founder Or] Arbel said he developed the first version of Yo in only eight hours. Like a lot of mobile app developers, he relied on Parse, a service that handles the routine plumbing that all apps rely on. But Arbel’s code left several holes that could expose users’ data.
But if you, like me and some 450,000 other people, downloaded Yo this week to see what all the fuss was about, you might be itching to hit the delete button right now. Unfortunately deleting the app won't remove your personal information from their databases. There's also no way to do that within the app.
We asked Yo about this, and Arbel said that they will delete users who ask for it. All you have to do is email firstname.lastname@example.org, ask to be removed and that's it. That being said, the company is taking the security flaws seriously and has moved within hours to patch the issues. So follow your heart.