A mobile application designed to help iPhone users manage insomnia has been found exposing sensitive user data, raising serious privacy and cybersecurity concerns. Insomnia Helper, an iOS app designed to improve sleep quality, left more than 25,000 users’ personal and health-related data publicly accessible due to a misconfigured backend. The exposed data included full names, email addresses, birth dates, gender, sleep patterns, and information on alcohol, nicotine, and medication use. Activities performed before sleep and other behavioral details were also part of the leak. The data was stored on an improperly secured Firebase server—a cloud-based database platform widely used by mobile apps. the app also revealed its own internal development secrets in the client-side code. These included API keys, database URLs, Google App IDs, and project IDs—details that could be exploited by attackers to access back-end services, impersonate the app, or run operations at the expense of the app’s operator. The case of Sleep Journey underscores the importance of robust security configurations, especially in apps that collect sensitive health data. While designed to enhance well-being, such tools can easily become a privacy liability when basic protections are overlooked.
Thank you for reading this post, don't forget to subscribe!Sleep Aid App Exposes Personal And Health Data Of Over 25000 Users Due To Security Flaw
