A location based Social Networking platform with 45 million users,’Foursquare’ was vulnerable to the primary email address disclosed. The flaw exists in the Invitation system of the app. The invitation received on the recipient’s end actually discloses the sender’s email address. Just by modifying the value of ‘uid’ parameter, one can see the email ID of the respective user. If someone is a good programmer, then dumping the complete database won’t be a difficult task. The attacker can extract email addresses of all 45 million people just by using a few lines of scripting tool.
Source: https://thehackernews.com/2014/01/foursquare-vulnerability-that-exposes.html