Foursquare Privacy Hole Leaks Nearly a Million Check-Ins

If you needed a reminder of why you're wary of location-based services, here's one: A (thankfully good-intentioned) hacker was able to snag data from some 870,000 Foursquare check-ins—even ones set only to be visible to friends.


Jesper Andersen built a website to exploit a hole in the "Who's Been Here" section of Foursquare's website, allowing him to scrape an estimated 70% of all check-in data in the San Francisco area over the last three weeks. That's a lot of shameful trips to Subway. Wired explains:

On pages like the one for San Francisco's Ferry Building, Foursquare shows a random grid of 50 pictures of users who most-recently checked in at that location - no matter what their privacy settings. When a new check-in occurs, the site includes that person's photo somewhere in the grid. So Andersen built a custom scraper that loaded the Foursquare web page for each location in San Francisco, looked for the differences and logged the changes.

Andersen, who says he's been "trying to be white-hat" about his find, let Foursquare know about the breach, and the site responded by adding a setting to opt out of the relevant section. Still, Andersen worries that users won't know to seek it out in the first place: "I certainly haven't seen a drop-off in check-in collections," he said. And that means he's still doing the collecting. [Wired]
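An added example, not Foursquare's code or anything from the article: a minimal model of the venue grid, with the behaviour described above beside a version that applies each check-in's visibility and the opt-out before rendering. The data model, the field names (`visibility`, `listed_on_venue`) and the sample check-ins are constructed assumptions.

```python
import random
from dataclasses import dataclass

GRID_SIZE = 50  # the quoted passage describes a grid of 50 recent visitors

@dataclass(frozen=True)
class CheckIn:
    user: str
    venue: str
    ts: int                       # constructed timestamp
    visibility: str               # "public" or "friends" (assumed values)
    listed_on_venue: bool = True  # assumed name for the opt-out setting

def _grid(checkins, rng):
    """Most recent distinct users, in random order as on the venue page."""
    recent = sorted(checkins, key=lambda c: c.ts, reverse=True)[:GRID_SIZE]
    users = list(dict.fromkeys(c.user for c in recent))
    rng.shuffle(users)
    return users

def grid_leaky(checkins, venue, rng):
    """Behaviour described above: privacy settings are never consulted."""
    return _grid([c for c in checkins if c.venue == venue], rng)

def grid_filtered(checkins, venue, viewer, friends, rng):
    """Decide visibility per viewer before a check-in can reach the grid."""
    def visible(c):
        if not c.listed_on_venue:
            return False
        if c.visibility == "public" or c.user == viewer:
            return True
        return viewer in friends.get(c.user, set())
    return _grid([c for c in checkins if c.venue == venue and visible(c)], rng)

def newly_shown(before, after):
    """Users in the later render of a venue page but not the earlier one."""
    return set(after) - set(before)

def demo():
    rng = random.Random(0)
    friends = {"alice": {"bob"}}  # alice's friends-only check-ins are for bob
    t0 = [CheckIn("carol", "ferry-building", 1, "public")]
    t1 = t0 + [CheckIn("alice", "ferry-building", 2, "friends"),
               CheckIn("dave", "ferry-building", 3, "public", listed_on_venue=False)]
    leaky = newly_shown(grid_leaky(t0, "ferry-building", rng), grid_leaky(t1, "ferry-building", rng))
    anon = newly_shown(grid_filtered(t0, "ferry-building", None, friends, rng),
                       grid_filtered(t1, "ferry-building", None, friends, rng))
    bob = newly_shown(grid_filtered(t0, "ferry-building", "bob", friends, rng),
                      grid_filtered(t1, "ferry-building", "bob", friends, rng))
    return leaky, anon, bob
```

Comparing two renders of the leaky grid surfaces both the friends-only and the opted-out visitor, while the filtered grid shows an anonymous viewer nothing new and shows a friend only the check-in they are entitled to see.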

MAKE2 Mifune

Ahhhh Social Media. When will people realize they don't need to share every aspect of their lives to feel validated/important?

Even though something like this happens, sadly, most people won't care, since they don't mind being 'seen' by anyone and everyone.

Part of my job entails writing up lawsuits and sending out service instructions to process servers. I frequently take advantage of people's naivete with social media to get their photos, so process servers know who to serve papers to, on top of finding out where they are/what they do. Dumbasses.