Friday, March 29, 2024

Over 100 Million Personal Data Leaked Due to Misconfiguration From 23 Android Apps

Nowadays it becomes quite common and frequent to see how apps and companies are suffering cyber attacks, which resulting massive data breaches.

Recently, a team of security researchers at Check Point security company has reported a massive data breach in which data of 100 million users were exposed. This data breach happened due to a series of bad security configurations of third-party services in the cloud.

According to the security report from Checkpoint research, in total 23 Android applications were compromised, and the threat actors have found the compromised data in the unprotected real-time databases.

The most shocking thing about all these 23 Android apps is their downloads, as each of them has download counts ranging from 10,000 to 10 million.

Data involved

The cybersecurity researchers have claimed that in this massive data breach the following type of personal data has been compromised, and here they are mentioned below:-

  • Email addresses
  • Private messages
  • Personal photos
  • Passwords
  • User ID
  • Username
  • Push notifications
  • Screen recording
  • User location
  • Personal files
  • Payment details
  • Private chats
  • Dates of birth
  • Gender
  • Phone numbers

More Than 100 Million Users’ Data Exposed

As we told that 23 applications were compromised, and there have been more than 100 million personal data of different users who use all these Android apps were compromised. 

And this data breach happened only due to the app developers’ misconfiguration of third-party services. It’s a bad practice and not only that even it also depicts that how seriously nowadays the developers take the security measures.

The security analysts are able to discover this breach only for their routine investigation, as a routine security checkup they carried out this investigation on these 23 apps.

After their investigation, they found that some real-time databases that did not have any type of security or protection system. And the analysts easily got access to the exposed personal data of the users like email addresses, usernames, passwords, photos, chats, and messages as well.

The use of use real-time database is a general thing for app developers, as they use this technology to store data in the cloud so that in real-time they can synchronize that data with their users.

Hiding the keys

During the security investigation, the cybersecurity researchers have also discovered some other sensitive details related to the developer, that are implanted in some of the apps that are tested by them.

Even they also affirmed that they discovered the credentials for push notification services in one of the tested applications.

Among those 23 apps, the security experts have found the cloud storage keys in two popular apps, Screen Recorder, and iFax. Here, the Screen Recorder is available on Google Play with more than 10 million installations.

Due to the obscure security adoption, some of the developers are unexpectedly compromising the security of their users’ data and privacy. As the researchers have alleged that some of the developers have used base64 encoding, due to which the decoding remains unprotected.

Compromised apps

The security specialists at Check Point have distinctly pronounced that among 23 compromised apps, many of them have more than 10 million downloads on Google Play Store, and here the most interesting thing is that a maximum of them are don’t have any protected database.

Moreover, the Astro Guru is one of the apps that offer astrology, horoscope, and palmistry services, so, due to the prediction of several factors the users put more and accurate data, and as a result, the security authorities have found a large amount of endangered user data in its real-time database.

But, fortunately, this severe privacy error has only transpired in a small number of apps like Screen Recorder, iFax, Logo Maker, T’Leva, or Astro Guru.

However, as a security measure or mitigation, the experts have strongly recommended the users to uninstall these apps from their Android devices immediately.

While the research team at Check Point security firm has already contacted and reported this serious privacy error to Google, and all the developers of these apps before making it public.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates.

Website

Latest articles

Google Revealed Kernel Address Sanitizer To Harden Android Firmware And Beyond

Android devices are popular among hackers due to the platform’s extensive acceptance and open-source...

Compromised SaaS Supply Chain Apps: 97% of Organizations at Risk of Cyber Attacks

Businesses increasingly rely on Software as a Service (SaaS) applications to drive efficiency, innovation,...

IT and security Leaders Feel Ill-Equipped to Handle Emerging Threats: New Survey

A comprehensive survey conducted by Keeper Security, in partnership with TrendCandy Research, has shed...

How to Analyse .NET Malware? – Reverse Engineering Snake Keylogger

Utilizing sandbox analysis for behavioral, network, and process examination provides a foundation for reverse...

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

GoPlus Labs, the leading Web3 security infrastructure provider, has unveiled a groundbreaking report highlighting...

Wireshark 4.2.4 Released: What’s New!

Wireshark stands as the undisputed leader, offering unparalleled tools for troubleshooting, analysis, development, and...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles