A popular app designed to help people quit pornography reportedly exposed highly sensitive information about hundreds of thousands of its users – including details about their masturbation habits, emotional struggles, and the kinds of pornography they were trying to stop watching.
The data leak involved Quittr, a “porn addiction recovery” app that claims more than 1.5 million downloads and roughly $500,000 in monthly revenue, according to reporting by 404 Media.
Quittr markets itself as a “porn recovery” and self-improvement app designed to help people break compulsive pornography habits. The app encourages people to log highly personal information about their behavior, including relapse incidents, triggers, mood check-ins, and journal-style reflections. Features include a website blocker, streak tracker, support groups, and an “Emergency NoFap” panic button designed to help people resist urges to watch porn.
A misconfigured database exposed intimate user data
According to the 404 Media investigation, a security flaw allowed an independent researcher to access a misconfigured database containing this extremely personal information. The exposed data reportedly included ages, masturbation frequency, “triggers” for pornography use, and the personal confessions about users’ struggles with porn consumption.
Even more troubling, the researcher said the database contained records belonging to more than 600,000 users, including about 100,000 who identified themselves as minors.
According to the researcher cited by 404 Media, the issue allowed anyone who could authenticate as a user to potentially access the backend database where user information was stored. The researcher initially reported the vulnerability directly to the app’s creator in September 2025 and was told it would be fixed quickly. But months later, the database was still accessible.
The good news is that the vulnerability has finally been fixed, which is why 404 Media is now publicly naming the app. But the incident highlights a growing privacy risk: extremely personal data is increasingly being collected by lifestyle and self-improvement apps that may not have the security expertise needed to protect it.
What this breach teaches about app privacy
The lesson here goes well beyond this single app. Just because an app is popular – or trending on TikTok or Instagram – doesn’t mean the people behind it take the necessary steps to secure the sensitive information it collects. That can be a dangerous combination when the data involved includes intimate details about your mental health, sexuality, or private behavior.
Whenever you enter personal information into an app, it’s safest to assume that it could eventually become public. That doesn’t mean you should never use self-improvement apps or health trackers. But it does mean you should think carefully about what information you share.
Ask yourself a simple question before entering sensitive data into a trendy new app: Would I be comfortable if this information became public?
If the answer is no, it may be better to keep your private information private.
Read next: 2FA Explained: The Safest Ways to Protect Your Accounts
[Image credit: Screenshot via Techlicious, phone mockup via Canva]
