viaForensics: Netflix, Foursquare apps leave sensitive data vulnerable
Amidst all the news of giant corporations being hacked this year, one would hope that other companies would take the opportunity to double-check their own security standards. Nope, there are vulnerabilities everywhere.
Now it has become known that sensitive data plugged into mobile apps are at risk. According to the computer security firm viaForensics, LinkedIn, Netflix, Foursquare and Square are the biggest culprits.
The Wall Street Journal reports:
The Android applications of LinkedIn, Netflix and Foursquare stored user names and passwords in unencrypted form on their Google-powered devices.
Storing that data in plain text violates a commonly accepted best practice in computer security.
Square is actually rated as worse than the others as the iOS edition of its app "exposed a user’s transaction amount history and the most recent digital signature of a person who signed an electronic receipt on the app."
That's bad. So, so bad. Sure, the idea behind the first three leaving the passwords open to easier attacks is upsetting, but Square is dealing directly with a person's finances. Those kinds of vulnerabilities just aren't acceptable and have to be patched up immediately.
So far, Foursquare and Netflix reps have informed the WSJ that they will be updating their apps, but it isn't clear as to when. The one that should be rolling out a software update with higher security standards should be Square, but there's no word on that front just yet.
Related coverage on ZDNet:
- Hackers attack Citi, access data of over 200,000 bank accounts
- Sony apologizes to PSN members at E3, says ‘you’re welcome’ to media
- Nintendo becomes latest server hack victim of Lulz Security
- Sony Europe hacked by Lebanese grey hat hacker
- China claims US started global ‘Internet war’ after Google attack