The misconfiguration of third-party cloud services put users’ personal data and developers’ internal resources, such as access to update mechanisms, storage and more, at risk
Mobile app developers, after examining 23 Android applications, potentially exposed personal data of over 100 million users through a variety of misconfigurations of third-party cloud services, a report said on Thursday.
According to Check Point Research (CPR), it recently discovered that in the last few months, by not following best practices when configuring and integrating third-party cloud services into the applications, many application developers have left their data and millions of users’ private information exposed.
The misconfiguration of third-party cloud services put users’ personal data and developers’ internal resources, such as access to update mechanisms, storage and more, at risk, the report said.
In the hands of malicious actors, personal data including emails, chat messages, location, passwords and photos, could lead to fraud, identity theft and service swipes.
This misconfiguration of real-time databases is not new and continues to be widely common, affecting millions of users, the report said.
All CPR researchers had to do was attempt to access the data. There was nothing in place to stop the unauthorised access from happening, it added.
The report said that an effective mobile threat defence solution needs to be able to detect and respond to a variety of different attacks while providing a positive user experience.