A popular Christian faith app has unwittingly exposed the personal data of up to 10 million users dating back several years, after misconfiguring its cloud infrastructure, researchers have warned. Santa Monica-headquartered Pray.com claims to be the “#1 App for daily prayer and biblical audio content” and has been downloaded over a million times from the Play Store. Researchers at vpnMentor discovered four misconfigured AWS S3 buckets belonging to the company. Although it had made private around 80,000 files, it failed to replicate these security measures on its Cloudfront CDN, which also had access to the files. This means a hacker could have compromised personal information on as many as 10 million people, most of whom were not even Pray.com users.
Researchers have warned a popular Christian faith app has unwittingly exposed the personal #data of up to 10 million users dating back several years after misconfiguring its #cloud #infrastructure >> https://t.co/aN4h8bHbgq
— Infosecurity Magazine (@InfosecurityMag) November 20, 2020
Experts Comments
Linkedin Message
@Trevor Morgan, Product Manager , provides expert commentary at @Information Security Buzz.
"Organizations should consider data-centric protection methods...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/expert-insights-faith-app-pray-com-exposes-millions-through-cloud-misconfiguration
Facebook Message
@Trevor Morgan, Product Manager , provides expert commentary at @Information Security Buzz.
"Organizations should consider data-centric protection methods...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/expert-insights-faith-app-pray-com-exposes-millions-through-cloud-misconfiguration
Be part of our growing Information Security Expert Community (1000+), please register here.
Linkedin Message
@Martin Jartelius, CSO , provides expert commentary at @Information Security Buzz.
"The reason insecure cloud configurations are sailing up to gain attention...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/expert-insights-faith-app-pray-com-exposes-millions-through-cloud-misconfiguration
Facebook Message
@Martin Jartelius, CSO , provides expert commentary at @Information Security Buzz.
"The reason insecure cloud configurations are sailing up to gain attention...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/expert-insights-faith-app-pray-com-exposes-millions-through-cloud-misconfiguration