A popular Christian faith app has unwittingly exposed the personal data of up to 10 million users dating back several years, after misconfiguring its cloud infrastructure, researchers have warned. Santa Monica-headquartered Pray.com claims to be the “#1 App for daily prayer and biblical audio content” and has been downloaded over a million times from the Play Store. Researchers at vpnMentor discovered four misconfigured AWS S3 buckets belonging to the company. Although it had made private around 80,000 files, it failed to replicate these security measures on its Cloudfront CDN, which also had access to the files. This means a hacker could have compromised personal information on as many as 10 million people, most of whom were not even Pray.com users.