Joseph Cox reports:
Remini, a smartphone app that launched in 2013, aims to provide parents and educators with a social network to follow a child’s progress throughout school and their early life, documenting important milestones and letting parents share images with their child’s school.
But Remini exposed these, and the personal information of its users to the internet writ large, thanks to an API that let anyone pull the data without any sort of authentication. The data included email addresses, phone numbers, and the documented moments of the children as well as their profile photos, according to a researcher who discovered the issue.
Remini has since taken the exposed API offline, but only after multiple complaints from a user as well as the researcher. The company confirmed the security issue to Motherboard.
Read more on Motherboard.
h/t, Joe Cadillic