Foursquare security breach exposes 875,000 check-ins

Alex Wagner
Editorial Director of News and Content from  Omaha, NE
| Published: June 30, 2010

Foursquare privacy

Foursquare is one of the more controversial social networks available, as many don't want people knowing where they are at any given time.  Those fears have gotten real as hacker Jesper Andersen revealed a security breach with the Foursquare website. This hole allowed him to snag data from 70 percent of all check-ins in the San Francisco area over the last three weeks.  That adds up to around 875,000 check-ins.  Wired explains how Andersen's hack worked:

On pages like the one for San Francisco’s Ferry Building, Foursquare shows a random grid of 50 pictures of users who most-recently checked in at that location — no matter what their privacy settings. When a new check-in occurs, the site includes that person’s photo somewhere in the grid. So Andersen built a custom scraper that loaded the Foursquare web page for each location in San Francisco, looked for the differences and logged the changes.

The hole has been shared with Foursquare, who responded by allowing the option to opt out of the "Who's Been Here" section.  Andersen, who says he is "trying to be a white-hat," says he hasn't seen a drop-off in his check-in data, meaning people may not be aware of the change.

It seems like every social network goes through some sort of security issue at least once in its lifespan, and Foursquare is no different.  This news is kind of startling, but at least Andersen is using what he's learned for good rather than trying to exploit the data for evil.  Since Foursquare involves giving out such sensitive data, hopefully the company will learn from this mistake and up its privacy measures.  I don't need any hacker knowing how many times I check into Starbucks every week.

Via Wired