The 2021 Pwnie Nominee For Lamest Vendor Response

Giggle App Account and Public Information Disclosure Vulnerability

Vendor Name: Giggle

Link: https://research.digitalinterruption.com/2020/09/10/giggle-laughable-security/

Giggle is a “women only” group messaging app that uses a highly questionable gatekeeping AI. An API was discovered that effectively allows an attacker to dump all account information. It was also discovered that deleted accounts are only disabled, not removed. Giggle engaged in a ridiculous deflection campaign over a few months, and then eventually patched the bug without any apology or acknowledgement of the researcher.