Foursquare Privacy Hole Leaks Nearly A Million Check-Ins

If you needed a reminder of why you’re wary of location-based services, here’s one: A (thankfully good-intentioned) hacker was able to snag data from some 870,000 Foursquare check-ins – even ones set only to be visible to friends.

Jesper Andersen built a website to exploit a hole in the “Who’s Been Here” section of Foursquare’s website, allowing him to scrape an estimated 70 per cent of all check-in data in the San Francisco area over the last three weeks. That’s a lot of shameful trips to Subway.

Andersen, who says he’s been “trying to be white-hat” about his find, let Foursquare know about the breach, and the site responded by adding a setting to opt out of the relevant section. Still, Andersen worries that users won’t know to seek it out in the first place: “I certainly haven’t seen a drop-off in check-in collections,” he said. And that means he’s still doing the collecting. [Wired]