Zero-character messaging app Yo has apologised for getting hacked – and has hired one of the hackers to improve its service.
The app, which does nothing more than let users send each other "Yo's" [sic], messages containing nothing but the word "Yo", confirmed it was the victim of a hack on Friday morning. The attackers, three students from Georgia Tech university, could push messages to users' phones, as well as read personal data from the company's user database.
"Yo started as a weekend project and exploded a little too soon," Or Arbel, Yo's developer and founder, said. "We were just finishing up rewriting the infrastructure in a proper and secure way, as suitable for production grade apps, when it suddenly blew up and went viral."
But now Arbel argues that being hacked has benefits.
"We were lucky enough to get hacked at an early stage and the issue has been fixed," he said on Saturday. "We are also lucky because this hack and security breach is really highlighting what Yo is, and what we are all about."
Yo's minimalist model means little user data was at risk, Arbel argues: "The object of the app is to be simple. When you join it doesn’t ask you for your email, full name, Facebook account, or any other piece of personal information. The only identity within the Yo app is your username. We don’t want or need any other personal information. We want you to be able to give out your Yo username to anyone or any service without being afraid of suddenly getting a spammy email or a text message."
As a result, the only piece of personal information leaked by the hackers was the phone numbers of users who opted in to the "Find Friends" feature. Those numbers, and the Yo usernames they were associated with, were briefly made public at the "Yo-Hack" website.
The hack was made possible due to the fact that "our database had an open access from the app itself, a fact that allowed any malicious party to read the user information," Arbel explained.
But once the issue was fixed, the company got back in touch with the hackers, and enlisted one of them to work with the company, "improving Yo experience in other aspects as well".
guardian.co.uk © Guardian News and Media Limited 2010