True, which bills itself as the social networking app that will “protect your privacy,” has experienced a security lapse which left one of its servers exposed without a password — spilling private user data to the internet for anyone to read, browse and search the database. The dashboard contained daily server logs dating back to February, and included users’ registered email address or phone number, the contents of private posts and messages between users, and the user’s last known geolocation, which could identify where a user was or had been. The dashboard also exposed the email and phone contacts uploaded by the user, which True uses to match with known friends in the app. None of the data was encrypted.
Experts Comments
Dot Your Expert Comments
Only for registered and approved experts. Please register before providing comments. Register here
Linkedin Message
@Keith Neilson, Technical Evangelist, provides expert commentary for "dot your expert comments" at @Information Security Buzz.
"A missing password is often the result of lack of awareness into the constantly changing cloud environment. ..."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/expert-commentary-true-the-social-networking-app-that-promises-to-protect-your-privacy-exposed-private-messages-and-user-locations
Facebook Message
@Keith Neilson, Technical Evangelist, provides expert commentary for "dot your expert comments" at @Information Security Buzz.
"A missing password is often the result of lack of awareness into the constantly changing cloud environment. ..."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/expert-commentary-true-the-social-networking-app-that-promises-to-protect-your-privacy-exposed-private-messages-and-user-locations