According to a study released on Thursday, smartphone app developers could have leaked the personal details of over 100 million consumers via a series to misconfigurations of third-party cloud providers.
According to Check Point Research (CPR), it was recently discovered that many web developers leaked their data and the private details of millions of customers in the last few months by failing to adopt best practises while configuring and incorporating third-party cloud-services into their apps.
According to the paper, the misconfiguration jeopardised users’ personal data and developers’ internal tools, such as links to upgrade processes, storage, and more.
Personal data contains addresses, chat messages, venue, passwords, and images, all of which may be used to commit fraud, identity theft, and service swipes in the possession of malicious actors.
According to the paper, the researchers discovered a configuration error in Astro Guru — a common astrology, horoscope, and palmistry app with over 10 million downloads.
Astro Guru provides users with a personal astrology and horoscope prediction report after they enter their personal information such as their name, date of birth, gender, place, email address, and payment information, the report said.
This type of database configuration error is not recent and appears to be widespread, impacting millions of users, the study said.
All that was required of CPR researchers was an effort to gain access to the data. Nothing was in position to prevent unauthorised entry, it said.
According to the paper, a successful mobile threat security system must be capable of detecting and responding to a wide range of threats while maintaining a pleasant user experience.