Expert Comments

Comment: Peekaboo Moments Suffers Breach Leaving Thousands Of Baby Images And Videos Exposed

Expert(s): Security Experts
Expert(s): Security Experts

It has been reported that thousands of baby videos and images are being left unsecured and exposed to the internet by Peekaboo Moments, a mobile app. This is due to the app’s developer, Bithouse Inc., leaving an Elasticsearch database open on the internet.

Experts Comments

January 15, 2020
Winston Bond
EMEA Technical Director
Arxan
Data on mobile devices is stored predominantly in apps so it is paramount that organisations understand just how important it is to secure their apps in order to keep their customers’ data safe and secure. It astounds me that I still have to reiterate the need to do this, particularly when it is children’s data that is being left exposed. This breach is a great example of extracting a web API from a mobile app and then using it to extract data. It shows exactly why app developers should.....Read More
Data on mobile devices is stored predominantly in apps so it is paramount that organisations understand just how important it is to secure their apps in order to keep their customers’ data safe and secure. It astounds me that I still have to reiterate the need to do this, particularly when it is children’s data that is being left exposed. This breach is a great example of extracting a web API from a mobile app and then using it to extract data. It shows exactly why app developers should harden their apps against reverse engineering and use integrity checks to make sure that the app is what it is supposed to be. Exposing a database through a web API is obviously insecure so it begs the question, why are companies still doing it?  Read Less
January 15, 2020
Hugo Van den Toorn
Manager, Offensive Security
Outpost24
Unfortunately, this is yet another Elastic Database that is open to the public, which has nothing to do with the product itself, but purely with how the vendor has decided to set up their infrastructure and deploy their software. With the countless possibilities of ‘quickly deploying a system in the cloud’, security is -still- often overlooked by organisations. As datasets grow to these sizes and contain this sensitive information, data is becoming increasingly valuable to our business and.....Read More
Unfortunately, this is yet another Elastic Database that is open to the public, which has nothing to do with the product itself, but purely with how the vendor has decided to set up their infrastructure and deploy their software. With the countless possibilities of ‘quickly deploying a system in the cloud’, security is -still- often overlooked by organisations. As datasets grow to these sizes and contain this sensitive information, data is becoming increasingly valuable to our business and in some cases even more valuable than money. Unfortunately, not everyone protects (your) data like the valuable asset it is. Even after vendors make statements such as ‘we take your security and privacy serious’, we often see security ending-up somewhere on the bottom of the priority list… Assuming it made the priority list at all.  Read Less

Submit Your Expert Comments

What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Write Your Expert Comments *
Your Registered Email *
Notification Email (If different from your registered email)
* By using this form you agree with the storage and handling of your data by this web site.
SUBMIT

You may also like

Booz Allen Report On CISOs And China Quantum Computing Risks,...

Experts Reactions On Sky Broadband Hack Warning

Ransomware Set To Break Records This Black Friday 2021

The Changing Face Of The COO Role

Security Expert On Apple Suing NSO Group

Meta Delays Plans To Rollout End-to-end Encryption

NCSC Issues Black Friday Warning To Tetailers

How The Zelle Fraud Scam Steals Your Bank Credentials

GoDaddy Data Breach Impacts Over A Million Users, Experts Reactions

Utah Imaging Data Breach – Expert Comments

Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics

Twitter Facebook-f Linkedin Youtube

Working With Us

The Pages

Our Contributing Experts