Data from sensitive mobile apps discovered on the cloud, unsecured

Check Point claimed it uncovered thousands of mobile apps that exposed data in a new report released on Tuesday. 
SIA Team
March 18, 2022

Check Point discovered 2,113 apps that used the cloud-hosted Firebase database, all of which had backend data that was unencrypted and vulnerable to hackers. Chat conversations in gaming apps, personal files such as family photos, token IDs for healthcare apps, and data from cryptocurrency exchange sites were among the data exposed.

More than 50,000 private communications from clients were revealed by a dating app. 130,000 users’ usernames, passwords, and email addresses were exposed via an app used to generate logos and images. Users’ bank credentials, phone numbers, and chat messages were revealed by an app for a social audio platform.

Approximately 280,000 phone numbers were discovered in an accounting tool for small businesses, along with at least 80,000 firm names and locations. A PDF reader app also exposed secret keys that an attacker could use to access the company’s VPN network.

“Cloud misconfigurations are the result of a lack of knowledge, right policies, and security training,” according to Check Point’s analysis. “With the new work-from-home hybrid paradigm, this is even more heightened and needed.” “Bad security procedures can cause a lot of damage, but it’s only a few clicks away from being fixed,” Check Point emphasized.

Furthermore, Check Point advises developers who use cloud-based services on Amazon Web Services to follow its CloudGuard S3 Bucket Security rule “Ensure S3 buckets are not publicly accessible.”

If you use the Google Cloud Platform, you can verify that your cloud storage database is not anonymously or publicly accessible by following a rule in Google’s knowledge base. Finally, Azure users should make sure that the default network access rule for Storage Accounts is set to deny.
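As an added example, not part of Check Point’s report or its CloudGuard rules: a small offline Python audit that applies the checks above to configuration documents already fetched from each provider, plus the Firebase Realtime Database rules case behind the report’s findings. The input shapes follow the providers’ API documents as I understand them and are assumptions; the sample documents are constructed.

```python
"""Offline checks for storage exposure misconfigurations.
Assumption: input dicts mirror the Firebase rules JSON, the S3
PublicAccessBlock/bucket-policy documents and the ARM Storage Account
resource; all samples below are constructed for illustration."""


def firebase_public_paths(rules, path="/"):
    """Return (path, permission) pairs where a Realtime Database rule grants
    unconditional .read or .write, i.e. anonymous access to that subtree."""
    found = []
    for key, val in rules.items():
        if key in (".read", ".write"):
            if val is True or (isinstance(val, str) and val.strip() == "true"):
                found.append((path, key))
        elif isinstance(val, dict):
            found.extend(firebase_public_paths(val, path.rstrip("/") + "/" + key))
    return found


S3_BLOCK_KEYS = ("BlockPublicAcls", "IgnorePublicAcls",
                 "BlockPublicPolicy", "RestrictPublicBuckets")


def s3_findings(public_access_block, bucket_policy):
    """Flag disabled Block Public Access settings and policy statements that
    Allow the anonymous principal ('*' or {'AWS': '*'})."""
    findings = [f"PublicAccessBlock.{k} is off" for k in S3_BLOCK_KEYS
                if not public_access_block.get(k, False)]
    for st in bucket_policy.get("Statement", []):
        principal = st.get("Principal")
        everyone = principal == "*" or (isinstance(principal, dict)
                                        and principal.get("AWS") == "*")
        if st.get("Effect") == "Allow" and everyone:
            findings.append(f"policy statement {st.get('Sid', '?')} allows everyone")
    return findings


def azure_default_action_is_deny(storage_account):
    """Storage Account default network rule must be Deny (ARM networkAcls)."""
    acls = storage_account.get("properties", {}).get("networkAcls", {})
    return acls.get("defaultAction", "Allow").lower() == "deny"


# Constructed samples: an open Firebase ruleset, a public bucket, an open account.
FIREBASE_RULES = {"rules": {".read": True, "chats": {".write": "auth != null",
                  "public": {".read": "true"}}}}
S3_BLOCK = {"BlockPublicAcls": True, "IgnorePublicAcls": True,
            "BlockPublicPolicy": False, "RestrictPublicBuckets": False}
S3_POLICY = {"Statement": [{"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
             "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}]}
AZURE_ACCOUNT = {"properties": {"networkAcls": {"defaultAction": "Allow"}}}

if __name__ == "__main__":
    print(firebase_public_paths(FIREBASE_RULES["rules"]))
    print(s3_findings(S3_BLOCK, S3_POLICY))
    print(azure_default_action_is_deny(AZURE_ACCOUNT))
```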