Expert Comments

Expert Commentary: True, The Social Networking App That Promises To ‘protect Your Privacy,’ Exposed Private Messages And User Locations

Expert(s): Security Experts
Expert(s): Security Experts

True, which bills itself as the social networking app that will “protect your privacy,” has experienced a security lapse which left one of its servers exposed without a password — spilling private user data to the internet for anyone to read, browse and search the database. The dashboard contained daily server logs dating back to February, and included users’ registered email address or phone number, the contents of private posts and messages between users, and the user’s last known geolocation, which could identify where a user was or had been. The dashboard also exposed the email and phone contacts uploaded by the user, which True uses to match with known friends in the app. None of the data was encrypted.

Experts Comments

Dot Your Expert Comments
Keith Neilson
October 29, 2020
Technical Evangelist
CloudSphere

A missing password is often the result of lack of awareness into the constantly changing cloud environment.
Leaving a database exposed without a password in place puts customer data in serious jeopardy of being exploited by threat actors. A missing password is often the result of lack of awareness into the constantly changing cloud environment. Without the proper guardrails to remediate oversights in security, any change in policy can leave a database exposed and put sensitive information in danger of being used for targeted phishing campaigns or sold on the dark web. Platforms that provide a.....Read More
Leaving a database exposed without a password in place puts customer data in serious jeopardy of being exploited by threat actors. A missing password is often the result of lack of awareness into the constantly changing cloud environment. Without the proper guardrails to remediate oversights in security, any change in policy can leave a database exposed and put sensitive information in danger of being used for targeted phishing campaigns or sold on the dark web. Platforms that provide a holistic view into the cloud landscape ensure businesses can stay apprised of all changes and avoid devastating misconfigurations putting customers at risk.  Read Less

Dot Your Expert Comments


Only for registered and approved experts. Please register before providing comments. Register here
* By using this form you agree with the storage and handling of your data by this web site.
Submit
0
FacebookTwitterLinkedinWhatsappEmail

You may also like

ObliqueRAT Trojan Lurks On Compromised Websites – Experts Comments

Microsoft Multiple 0-Day Attack – Tenable Comment

Experts Reaction On Malaysia Airlines 9 Years Old Data Breach

IoT Security In The Spotlight, As Research Highlights Alexa Security...

Oxfam Australia Confirms ‘Supporter’ Data Accessed In Cyber Attack

Expert Reaction On Solarwinds Blames Intern For Weak Passwords

Expert Reaction On Go Is Becoming The Language Of Choice...

Experts On Google Voice Outage

Expert Reaction On GCHQ To Use AI In Cyberwarfare

Comment: Hackers Break Into ‘Biochemical Systems’ At Oxford Uni Lab...