According to a study released on Thursday, mobile app developers could have exposed personal data of over 100 million users through a number of misconfigurations of third-party cloud services.
Check Point Research (CPR) recently discovered that by not adopting best practises when configuring and incorporating third-party cloud-services into their applications, many application developers have left their data and millions of users’ private information exposed in the last few months.
According to the study report, the misconfiguration placed users’ personal data and developers’ internal resources at risk, including access to update mechanisms, storage, and more.
Emails, chat messages, location, passwords, and photos are some of the personal data that, in the hands of malicious actors, could lead to fraud, identity theft, and service swipes.
The researchers discovered a misconfiguration in Astro Guru, a popular astrology, horoscope, and palmistry app with over 10 million downloads, according to the report.
According to the report, Astro Guru provides users with a personal astrology and horoscope prediction report after they input personal information such as their name, date of birth, gender, location, email, and payment details.
According to the study report, misconfiguration of real-time databases is not new and continues to be widespread, affecting millions of users.
All CPR researchers had to do was try to get access on the data. The report went on to say that there was nothing in place to prevent unauthorised access.
According to the report, a good mobile threat protection solution should be able to identify and respond to a wide range of attacks while maintaining a positive user experience.