Partiful's Location Data Flaw Exposed User Photos
By Ainvest
Saturday, October 4, 2025, 12:10 pm ET
Salesforce Data Breach: A Major Threat
A cybercriminal group, 'Scattered LAPSUS$ Hunters,' has claimed to have stolen nearly 1 billion records from Salesforce customer databases [1]. The group, which includes members from ShinyHunters, Scattered Spider, and LAPSUS$, is demanding a ransom and threatening to release sensitive information from 39 major companies, including Google, Toyota, and Disney.
The breach affects a wide range of sectors, including retail, hospitality, and luxury brands. Hackers have accessed personally identifiable information (PII) such as names, addresses, dates of birth, Social Security numbers, and business contact details. This incident underscores the growing risks of cloud-based data breaches, with companies facing mounting legal challenges and potential financial losses.
Salesforce maintains that its core platform remains secure, attributing the breaches to social engineering attacks on individual customers. However, the company faces at least 14 lawsuits in Northern California, seeking class-action status over alleged negligence and privacy violations [1]. This incident serves as a stark reminder of the importance of strong authentication methods, monitoring third-party integrations, and employee security training.
KuCoin Enhances Privacy with ISO 27701 Certification
In response to increasing privacy concerns in the crypto space, KuCoin has obtained ISO 27701:2025 certification, reinforcing its commitment to user privacy and trust [2]. The certification builds upon KuCoin's existing ISO 27001:2022 and SOC 2 Type II certifications, adding layers of security and compliance controls.
The ISO 27701 certification ensures that KuCoin's privacy safeguards span the full data lifecycle, from collection and processing to secure storage and disposal. This certification aligns with global regulatory expectations and signals KuCoin's readiness for compliance in multiple jurisdictions.
KuCoin's $2 Billion Trust Project, which aims to improve transparency and reliability, now includes the ISO 27701 certification. The exchange has appointed a global Data Protection Officer to oversee compliance across all regions, further strengthening its security architecture.
Implications for Partiful
Partiful, a social event planning app, recently faced a security flaw involving user-uploaded images. The app did not strip location data from user-uploaded images, potentially compromising user privacy. While Partiful has since fixed the issue, this incident underscores the importance of comprehensive data protection measures.
Conclusion
Recent incidents highlight the critical need for robust data protection measures in the cloud. Companies must prioritize strong authentication, third-party integration monitoring, and employee security training. Certifications like ISO 27701 can provide an additional layer of security and enhance user trust.
Partiful, a social event planning app, has been collecting a large amount of user data. The company's app allows users to RSVP to events and has a powerful social graph. However, TechCrunch found that the app was not stripping location data from user-uploaded images, including public profile photos. This security flaw could be used to reveal the location of where a person's profile photo was snapped, potentially compromising user privacy. Partiful has since fixed the issue.
The cybersecurity landscape continues to evolve, with recent incidents highlighting the vulnerabilities of cloud-based platforms. Two notable events have drawn significant attention: a massive data breach involving Salesforce and KuCoin's ISO 27701 certification.
