I found a critical remote account takeover vulnerability, a PII over-exposure and an email leak.
The company refused to talk with me or journalists.
After publishing my research and media coverage, they fixed all the bugs.
https://www.404media.co/pregnancy-tracking-app-what-to-expect-refuses-to-fix-issue-that-allows-full-account-takeover-2/
=> More information about this toot | More toots from 0v1@infosec.exchange