Blind is the anonymous social network that lets employees vent their workplace frustrations. It also lets workers share more serious issues such as improper conduct, wrongdoing or unfair treatment of employees. Blind caused problems for its users when it left its server unprotected.
Anyone who knew where to look could easily find users’ identities and information. Blind’s extreme negligence can lead to serious repercussions if whistleblowers’ identities become known to their employers.
The South Korea-founded company was launched in the US market back in 2015. Blind achieved rapid success as it became a highly popular anonymous social network for employees of the leading tech companies. Some of the big names include Apple, Facebook, Google, Microsoft, Twitter, and Uber, among many others.
Blind has been a financial success as well: it raised six million dollars last year and another ten million dollars just last month. But the app truly became mainstream when it revealed sex scandals at Uber, which resulted in Uber blocking the app on its corporate network.
Mossab H, a security expert, discovered the flaw and informed Blind about the massive lack of security. Mossab found that the flaw existed in the server backend of both the Korean and US versions of the app. According to Blind, the flaw only impacts users who signed up or logged in between November 1 and December 19.
Blind executive Kyum Kim wrote in an email,
“the exposure relates to a single server, one among many servers on our platform.”
Blind acted totally blind (pun intended) to this massive oversight, which left so many users in a state of concern. The social network only closed the server when TechCrunch followed up by email a week later. TechCrunch asked for a comment, and the company started sending emails to its users informing them about the unsecured server.
The email said,
“While developing an internal tool to improve our service for our users, we became aware of an error that exposed user data.”
Kim said that no data was mishandled but did not explain how the company could be so confident in its stance.
The company did not specify whether it would be reaching out to US state regulators. Blind’s chief executive Sunguk Moon did not even acknowledge the affected server.
The social network shouldn’t have gotten itself into this mess in the first place. It claims that email addresses are only used for verifying users’ accounts. This allows users to talk to co-workers anonymously. Blind also added that it did not save users’ email addresses on its servers.
Just by doing some digging, it can be seen that Blind may not be as innocent as it claims to be. The exposed data reveals many flaws. The database gave access to a real-time stream of users’ logins, users’ posts, comments and interactions between users.
This allowed third parties to read users’ private comments and posts. The database also exposed unencrypted private messages exchanged between users. It did not expose users’ associated email addresses.
TechCrunch didn’t find any exposed information, such as user comments or messages, linked to users’ email addresses. TechCrunch only found a unique member ID. This still wasn’t ideal for Blind or its users, since anyone holding that unique member ID could identify the same user’s posts in the future.
So, all in all, this situation is much worse than Blind is letting on. It truly is trying to turn a blind eye to this fiasco. The consequences can be immense, and actual users’ careers and even lives are at stake here.
Most of these users have high-pressure jobs in a cutthroat, fast-paced environment. Every little bit of information could spell trouble if it got into the wrong hands. Let me just put on my tin foil hat and go so far as to say that Blind may have done this on purpose.
This is a bold claim, I know, but just hear me out. Tech companies know why Blind exists: to anonymously discuss the misdeeds occurring in the workplace. One tech company, or even several, could have secretly paid a worker at Blind to purposely leave the server unsecured.
This could have been done by a company that had reason to believe its employees were unhappy, or it could have been done by another company to drag Blind’s reputation through the mud. Other companies might want to get the upper hand on their rivals.
There are a lot of questions left unanswered, but currently Blind’s response has been far from reassuring. Only time will tell what happens to Blind and its users once the dust settles.