Popular party planning app Partiful has leaked metadata from profile photos that could have revealed users’ real addresses. The company has since fixed the bug.
Partiful fixes bug that exposed users’ exact coordinates
Partiful, dubbed “Facebook events for hot people,” quickly became a Facebook replacement for party planning and has already entered the top apps on the App Store. But along with its popularity, the app has also suffered security issues.
Photo metadata leak
Journalists discovered that users’ profile pictures were stored with all their metadata, including geolocation. This meant that anyone could find out the exact coordinates of where the photo was taken, including home addresses or work locations. To test, the journalists uploaded a photo near Moscone West in San Francisco — the server stored coordinates with an accuracy of a few meters.
Company Response
After reporting the issue, Partiful’s co-founders confirmed the bug and promised to fix it. The company initially said it would fix it within a week, but after pressure from the media, the issue was closed within a day. Metadata was removed from both new and previously uploaded photos.
Impact on users
The sensitivity of the situation was that profile photos are often uploaded from personal devices. With the app already having millions of users and building an entire social map of connections, even a single leak could pose serious privacy risks.
Investments and security issues
Partiful has raised more than $27 million in investment, including $20 million in a round led by Andreessen Horowitz. But the company did not say whether it had undergone an independent security audit before launch. Representatives only said that they regularly conduct checks, although so far “no evidence of unauthorized access” to the photos has been found.
Related: OpenAI Sora Launches with 164K Downloads, Enters App Store Top 3
