This wasn’t helped by React’s own issues with accountability. Its site had no contact information, and even its WHOIS record masked the email address. Messages through the feedback form turned up nothing. The database didn’t go offline until TechCrunch asked Microsoft to reach the developer, who still hasn’t said anything about the leak.

It’s not clear if anyone beyond Jain or TechCrunch accessed the database.

While the data is safe for now, the incident illustrates a problem with tracking apps as a whole: it’s difficult to verify that developers are securing your location info every step of the way. If they don’t and there’s a breach, it could lead to very real threats that could include physical danger.