More than 100 personal loan apps have been caught leaking private data, which included contact details, financial data and even location information. The data is held in a massive database that took up 889GB of storage. It was discovered by the SafetyDetective’s research group, Anurag Sen.
Sen stated that the information that was leaked from a whopping 4.6 million devices had their data added to the database – and every login a user has through any of these apps, it gathers a massive amount of information. What’s very concerning is that a black hat user gaining access to the database can pinpoint someone’s live location through it. It stores the user co-ordinates every time they log into the app making it quite a huge security risk.
Chinese Loan Apps: Security Risks
The exposed database is hosted in the servers that are run by Aliyun Computing, which is a subsidiary of Alibaba. But the researcher stated that the company’s not involved with or responsible for this leak.
Sen’s team thinks that a lone marketing agency for mobile apps could be the source for the leak. What’s not entirely clear is how this said agency is leaking the data and of course, why ?
SafteyDetective’s team stated that all this data can be used to steal someone’s identity:
There are more than enough details to entirely overtake someone’s identity without any significant effort whatsoever. If this data were to be sold on the Dark Web, it could easily be packaged into a ‘deal’ where an individual’s financial, medical, and personal life are up for grabs. When targeted, even a phone’s sim card can be replicated and nearly full access to all of a person’s phone apps that control smart home devices, contain private photos and details, and more is made available.
This just highlights the essential need for security on all web projects, here at Ruairi Murphy Group we strive to provide the best security on every project delivered.