Period Tracker Data Breach and Privacy Incident History

Documented period app data breaches and privacy incidents from 2016 to 2026, including the Flo FTC action, Premom settlement, and Ovia acquisition.

The standard framing of period app privacy risk focuses on hypothetical future threats: what if there's a data breach, what if law enforcement requests data, what if the company is acquired. This framing misses the documented record. The incidents are not hypothetical. They span a decade and establish a clear pattern.

What follows is a factual chronicle of documented incidents, organized chronologically. Each entry includes what happened, what data was exposed or shared, and what changed afterward.

2016: Glow — Security Vulnerability Report

What happened. Security researchers at MedSec examined the Glow period tracking app and published a vulnerability report that found multiple security issues. The most significant: an account enumeration vulnerability that allowed an attacker to determine whether a specific email address had a Glow account. This is not a trivial disclosure — knowing that someone's email is registered with a menstrual health app reveals that they use one, which is itself sensitive information.

The second documented issue involved Glow's friend request feature. The feature allowed users to share health data with partners or friends. The vulnerability meant that dat