The app that does nothing but send the simple message, "Yo," was apparently also very simple to hack, as three Georgia Tech students reportedly found out over the weekend.
In an email to TechCrunch, the students detailed the hack, stating that they could get any "Yo" user's phone number, send spoof "Yo"s from any user, and spam users with as many notification as they wanted -- although they said they had not done so. They said their hack was not intended to be malicious, but to call attention to a potentially harmful security gap within the app itself.
The security flaw was fixed on Friday, wrote founder Or Arbel in a blog post about the incident. Arbel said he verified the fix with the hackers, and even offered one of them a job improving the app's experience in other areas.
Like other messaging apps, "Yo" has shown that despite the best of intentions, online security is not a given.
"We were lucky enough to get hacked at an early stage and the issue has been fixed," Arbel wrote in the blog post. Apologizing to users, he added, "Yo is a simple app - your privacy isn't."
When a "Yo" user first joins the service, the app doesn't require an email, full name or Facebook account. The only identity within the app is a username. However, if users used the "Find Friends" feature, the hack exposed their phone number with their username -- not their contacts, because that's never stored in the database, stressed Arbel.
The app, which has grown to more than 150,000 users since launching in April, does nothing but send the word "Yo" with a single tap.
"It's lightweight and you don't have to read the notification. You can choose to ignore it and there's nothing to open," Arbel told CBS News last week.