Foursquare Privacy Hole Leaks Nearly a Million Check-Ins

If you needed a reminder of why you're wary of location-based services, here's one: A (thankfully good-intentioned) hacker was able to snag data from some 870,000 Foursquare check-ins—even ones set only to be visible to friends.

Jesper Andersen built a website to exploit a hole in the "Who's Been Here" section of Foursquare's website, allowing him to scrape an estimated 70% of all check-in data in the San Francisco area over the last three weeks. That's a lot of shameful trips to Subway. Wired explains:

On pages like the one for San Francisco's Ferry Building, Foursquare shows a random grid of 50 pictures of users who most-recently checked in at that location - no matter what their privacy settings. When a new check-in occurs, the site includes that person's photo somewhere in the grid. So Andersen built a custom scraper that loaded the Foursquare web page for each location in San Francisco, looked for the differences and logged the changes.

Andersen, who says he's been "trying to be white-hat" about his find, let Foursquare know about the breach, and the site responded by adding a setting to opt out of the relevant section. Still, Andersen worries that users won't know to seek it out in the first place: "I certainly haven't seen a drop-off in check-in collections," he said. And that means he's still doing the collecting. [Wired]