#YO_NO! Messaging app 'Yo' gets hit by hackers

Just days after the Yo app debuted to much fanfare (and head-scratching), the mono-message social tool has fallen prey to hackers. A group of students from Georgia Tech University claim via TechCrunch to have accessed the application's entire user database, and gained the ability to obtain the phone number of anyone currently …

COMMENTS

This topic is closed for new posts.
  1. Graham Marsden
    Facepalm

    Y'oh!

    The post is required, and must contain letters.

    1. toor

      Re: Y'oh!

      hacked

  2. This post has been deleted by a moderator

  3. mafoo
    Joke

    one word..

    fail

  4. SVV

    So, Yo....

    All Yo user-base is belong to us

    1. Anonymous Coward

      Re: So, Yo....

      All Yo user-base are belong to us

  5. Mark 85 Silver badge

    Something smells rotten here...

    One million dollars... for an app that sends one word and they got hacked. Or did they? Maybe the "investor" was paying for phone numbers? Or just very sloppy security....

    Still... a million dollars for an investment in this. The mind boggles.

    1. Eddy Ito

      Re: Something smells rotten here...

      I don't know, I was kind of thinking it was only a million dollars. Come on, for a start-up in San Francisco that obviously needs to hire a couple of people, especially a good security goo-roo, a million smacks is going to burn up faster than Skylab deorbiting.

      I mean it's only a million dollars. Did anyone even notice when Facebook had a million bucks? Why is everyone paying attention to a little yo-yo? Put it another way, you can pay 10 guys a salary, benefits and taxes for about a year but you still haven't paid the rent in San Francisco (a smart start-up lives in Idaho or Colorado where it's cheap) - what million dollars?

      1. Jonathan 27

        Re: Something smells rotten here...

        Any money at all is wasted on an app that doesn't have any new functionality and is basically just a reduced-functionality clone of a popular app (any IM app).

        P.S. writing an app to send other people "Yo" and the infrastructure behind that does not require 10 people.

        1. Eddy Ito

          Re: Something smells rotten here...

          "P.S. writing an app to send other people "Yo" and the infrastructure behind that does not require 10 people."

          Ok, a voicebox, a bean counter and a bit twiddler. Congratulations, you just bought six months overhead in San Fran. Your point is?

          1. jonathanb Silver badge

            Re: Something smells rotten here...

            And what benefits does having an office in San Francisco bring to this company vs having an office in for example Bangalore?

            Obviously San Francisco attracts the best programmers in the world, including the best from India, and that is of benefit to companies with more demanding tech requirements, but not for this company.

            1. Anonymous Coward

              Re: Something smells rotten here...

              > And what benefits does having an office in San Francisco bring to this company vs having an office in for example Bangalore?

              Instant sponsorship by the NSA to take a feed of whatever goes through that network. Duh.

              1. Pet Peeve

                Re: Something smells rotten here...

                Whatever goes through the network?

                "Sir, Sheik Mohammed Al Dean has just sent a "Yo" to one of his followers."

                "Send in the drones immediately!"

                This app makes no freaking sense other than a joke. Maybe the million was a way of funneling money to a friend? Or maybe the backer was just that stupid.

  6. fridaynightsmoke
    Paris Hilton

    My new app - accepting investment now

    My new groundbreaking app sends the word "Tosser." to selected people on your contact list, by various means.

    I'm looking for £2m for 50%.

  7. This post has been deleted by its author

    1. Anonymous Coward

      Re: WUT

      That's because you are clearly over 25 and are not down with da kids...

      Or just not stupid enough to hand over all your personal details to some random person on the web.

  8. wolfetone Silver badge

    Makes sense now

    I read somewhere that the price of someone's data is about $10 to $15. Yo gets $1,000,000 "investment", then this happens.

    Sounds like this investment could be just a payment for user data.

    And, Reg, if you could allow mobile users to select an icon when posting a comment that'd be great.

  9. Mitoo Bobsworth
    Devil

    Simple vector app attracts simple end users...

    Simply no surprises there.

  10. Anonymous Coward

    VC....

    Usually want some return for their investment..they give you a million dollars and you give them assets that when the company becomes successful they sell those assets to retrieve their investment plus lots of additional money.

    Well that is how I understood it worked. How can a shitty one trick pony app ever return that investment? It's obvious that the code is crap and thus the coders are crap so that doesn't make for any sort of return.

    1. Anonymous Coward

      Re: VC....

      The clue is in the name Venture Capitalist

      Venture - undertake a risky or daring journey or course of action.

      VCs will risk their money based on the possible return. Many of their ventures will fail and they will lose all or part of their money, some will barely succeed and very rarely you get something like Facebook or Twitter.

      Of course everybody would like to win the lottery and bankroll something like Facebook but the reality is that most new start-ups fail and the VC's know this when they invest.

      1. Anonymous Coward

        Re: VC....

        Yes but there has to be some possibility of a return on their investment. YO! seem to have no obvious marketing model or business plan, or even future. There is a big difference between investing in a risky business and basically flushing your money down the toilet.

        1. dan1980

          Re: VC....

          @AC

          Surely the business plan that the VCs are looking at involves getting bought by another company (like Facebook) for significantly more than has been invested.

          Facebook has the goal of being the hub for all social communications so if this app in any way reduces the amount of time that people are communicating using FB's services then that may be something they want to look at.

          It's not just the sent 'Yo' - it's that the recipient may well respond and that one 'Yo' will become the launch-point for a whole conversation, which will be carried out via SMS and thus lost to Facebook.

          Or maybe not but that seems likely to me.

          1. cordwainer 1
            Coat

            Re: VC....

            @dan1980

            You're one of the investors, aren't you?

            1. Anonymous Coward

              Re: VC....

              > @dan1980
              >
              > You're one of the investors, aren't you?

              I don't think he is, he's trying out the VC side of the debate (that's the whole idea of a discussion, shake a proposition and see what falls out). I'm not convinced about this train of thought that you just have to throw money at everything and hope it sticks - especially me-too setups are extremely fickle and messaging is not exactly a new idea.

              I guess the money in this case is to be on the receiving site, run enough of these startups and you can collect a pile too.

              1. dan1980

                Re: VC....

                MONEY!!!!! HAHAHAHAHAHHAHAHA!!!!!!

                Seriously, though, $1m is just not that much money - especially spread around a few groups.

                Maybe the app isn't worth it, but it may well be seen as capable of impacting (e.g.) Facebook to the tune of $1m. Facebook, as Google, has a relatively simple business model, which is to be an eco-system that users spend a lot of time connected to. That allows them to find out a lot about their users and therefore makes those users more valuable, from an advertising perspective.

                It can be as simple as requiring users log into 'Yo!' with a Facebook account - we all know that such a process would inevitably slurp a bunch of contacts from users not paying attention when clicking.

                Also, consider that there is value in knowing the real connections between people. One thing Facebook has done is give everyone this huge web of 'Friends' (okay, not 'everyone'!) which is great for some things, but also dilutes some of the value of knowing those associations. Facebook knows most of the 'Friends' people have are very loose connections so being able to qualify exactly which people are really friends raises the value.

                The same is true of WhatsApp - an app that provides information about the connections between different users and was likely taking traffic away from the Facebook ecosystem.

              2. cordwainer 1
                Facepalm

                Re: VC....

                @Anonymous Coward

                Not familiar with the icons, eh?

      2. Anonymous Coward

        Re: VC....

        > The clue is in the name Venture Capitalist

        In my experience, the term Vulture capitalist is more appropriate. The ones I met (admittedly they were not Americans) operate like banks: in order to provide you with capital that is very expensive (think mucho equity) for taking a risk, they want you first to prove that there is little risk. Banks compel you to prove you don't need a loan before you can get one..

        What I don't get is how these people are so epically desperate to find the next best thing that they abandon all critical thinking. A messaging app? Honestly?

        It's the whole dot con era all over again. Or it's money laundering with a new banner - one way or the other, it's just plain weird.

        1. Anonymous Coward

          Re: VC....

          You do not have to accept the VC's money or their terms. You could take out a second mortgage, convince your friends and family to invest in you, take out loans etc. But my guess is that you think it is too risky to put your home and your friends' and family's savings at risk in this venture yet you complain because the VC factors that same risk into the investment offer they make to you.

          > What I don't get is how these people are so epically desperate to find the next best thing that they abandon all critical thinking. A messaging app? Honestly?

          Yeah, I mean who wants a messaging service that limits you to 140 characters when there are other services that don’t have those restrictions? Those people at Odeo must be nuts if they think I'm going to invest in them....

          Yo might fail (probably will fail) but sometimes the craziest ideas just take off for some reason.

          > It's the whole dot con era all over again. Or it's money laundering with a new banner - one way or the other, it's just plain weird.

          Venture Capitalists aren't money laundering. They are giving businesses a chance to succeed.

  11. cordwainer 1
    Headmaster

    "We are working on the securities issues..."

    Working on their IPO seems an odd response to a security breach...

  12. Paul Hovnanian Silver badge

    App evidently written ...

    ... by a bunch of yo-yos.

    1. Anonymous Coward

      Re: App evidently written ...

      My new app sends out D'oh

      It's called Homie and is fully compatible with all Yo messaging protocols.

      10 users already and rising, yours for 10 mil.

  13. buyone

    Yo; money

    Obviously none of the posters has a mental age of 8.......... so they are not going to get stinking rich.

  14. Valerion

    Aahm Oot

    Would have loved to have seen this try on Dragons Den.

  15. Stevie

    Bah!

    So, coursework load not so heavy then?


Biting the hand that feeds IT © 1998–2022