• Login
Fintedex — Business, Fincance & Investment News
  • Contact
  • Submit a News Releases
No Result
View All Result
  • Contact
  • Submit a News Releases
No Result
View All Result
Fintedex — Business, Fincance & Investment News
No Result
View All Result
Home Technology

Thousands of mobile app cloud databases have been left exposed online

Timothy Wilson by Timothy Wilson
16.03.2022
in Technology
0
0
SHARES
0
VIEWS
Share on FacebookShare on Twitter

Businesses continue to leave their cloud databases unsecured online despite the risk of company data and even user data being exposed.

Following a three month study, Check Point Research (CPR) found 2,113 mobile applications whose databases were unprotected in the cloud and could be accessed by anyone with a browser. 

The mobile apps with exposed databases ranged from those with more than 10k downloads all the way to very popular apps with over 10m downloads. CPR found a wide variety of sensitive data from the apps in question including chat messages, personal photos, phone numbers, emails, user names, passwords and more.

Head of threat intelligence and research at Check Point Software, Lotem Finkelsteen explained how the firm’s security researchers were easily able to find these exposed databases using the free online tool VirusTotal, saying:

“In this research, we show how easy it is to locate data sets and critical resources that are open on the cloud to anyone who can simply get access to them by browsing. We share a simple method of how hackers can possibly do it. The methodology entails searching public file repositories like VirusTotal for mobile applications that use cloud services. A hacker can query VirusTotal for the full path to the cloud backend of a mobile application. We share a few examples of what we could find in there ourselves. Everything we found is available to anyone. Ultimately, with this research we prove how easy it is for a data breach or exploitation to occur. The amount of data that sits openly and that is available to anyone on the cloud is crazy. It is much easier to breach than we think.”

Mobile apps with exposed databases

In a new blog post, CPR provided several examples from its study without mentioning the names of the mobile apps that had left their cloud databases unsecured online.

The first app is for a large department store chain in South America which has been downloaded more than 10m times. By searching VirusTotal, CPR was able to find API gateway credentials and an API key. To make matters worse, these credentials were in plain text and anyone would be able to read them and use them to access the accounts of the department store’s customers.

The next app is a running tracker application designed to track and analyze a runner’s performance and it has been downloaded over 100k times. Its database contained users’ GPS coordinates and other health parameters like their heart rates. With this information in hand, an attacker could create maps to track the whereabouts of the app’s users.

Read More

> Sega left a huge database of user information open to hackers

> Over half a million transportation industry credit reports were left unsecured online

> These countries have the most exposed databases online

Next up, CPR found the exposed database of a dating app for people with disabilities. This database contained 50k private chat messages along with pictures of the senders. CPR also found the exposed database of a widely used logo maker application that has been downloaded more than 10m times. Inside the database there were 130k usernames, emails and passwords.

In addition to these apps, CPR also came across the unsecured databases of a popular PDF reader as well as a bookkeeping application.

In the same way that security experts recommend that consumers protect their smartphones, tablets and laptops with strong and complex passwords, so too should businesses that use cloud databases to store data for their mobile apps.

  • We’ve also featured the best identity theft protection

Previous Post

: Here’s the No. 1 strategy if you want to win a bidding war on a property (and a couple that don’t work)

Next Post

Samsung’s 2022 TV lineup arrives in Australia, includes a stunning matte display

Related Posts

Some Windows updates might actually hurt your security
Technology

Some Windows updates might actually hurt your security

by Timothy Wilson
16.05.2022
It looks like Apple WWDC 2022 will be in-person after all – for some
Technology

It looks like Apple WWDC 2022 will be in-person after all – for some

by Timothy Wilson
16.05.2022
Tech Moves: Longtime Microsoft leader James Phillips leaves Stripe; and more
Technology

Tech Moves: Longtime Microsoft leader James Phillips leaves Stripe; and more

by Timothy Wilson
16.05.2022
Save up to $700 during Nolah Mattress’ Memorial Day Sale
Technology

Save up to $700 during Nolah Mattress’ Memorial Day Sale

by Timothy Wilson
16.05.2022
Report: Apple bringing USB-C to the iPhone but not the iPhone 14
Technology

Report: Apple bringing USB-C to the iPhone but not the iPhone 14

by Timothy Wilson
16.05.2022
Next Post

Samsung's 2022 TV lineup arrives in Australia, includes a stunning matte display

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Premium Content

Next Avenue: This is one of the best exercises you can do for your health if you’re over 50

15.03.2022

War and sanctions means higher inflation

03.03.2022

Intellectual Ventures spinoff Modern Electron raising cash for heat-to-electricity tech

27.12.2021

Browse by Category

  • Business
  • Finance
  • Stock Market
  • Technology
  • Без рубрики

Browse by Tags

Europe Oleg Volin Russia Ukraine

Fintedex delivers real-time news about the financial industry: feature stories, industry developments, opinions plus the latest on people and trends.

Categories

  • Business
  • Finance
  • Stock Market
  • Technology
  • Без рубрики

Browse by Tag

Europe Oleg Volin Russia Ukraine

Recent Posts

  • The Location Guide, Filmmakers for Ukraine and EUFCN join forces for fundraiser at Cannes 2022
  • Free exchange: The world needs a new economic motor. Could India fit the bill?
  • Buttonwood: Why Italy’s borrowing costs are surging once again

© 2021 Fintedex.

No Result
View All Result
  • Contact
  • Submit a News Releases

© 2021 Fintedex.

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In
Are you sure want to unlock this post?
Unlock left : 0
Are you sure want to cancel subscription?