Data leaks are becoming more common all over the world in recent times. When personal information is leaked, however, things take a turn for the worst. Target’s wish list application is not safe from harm by the look of things, as a fair amount of customer details have been made public. As a result, part of the app’s features have been suspended for the time being.
Target Wish List App Is Not That Safe
What makes wish list applications so interesting is how consumers can put together an overview of items they would like to receive during the year. With the holiday season almost upon us, finding that perfect gift for loved one can prove to be quite a challenge. Thanks to Target’s wish list app, that job has become slightly easier.
Unfortunately, the Target wish list application is not keeping customer information safe, which can be attributed to some sloppy coding along the way. In fact, Avast security researchers noted how the app database is storing the information in such a way that it becomes publicly accessible once you figure out the app’s programming interface. To make matters even worse, that programming interface is publicly available.
In fact, obtaining the information stored in this database can be achieved by using the API, which only requires a “question” as a condition to return information. Once an assailant figures out how the user’s ID is generated, they have access to names, addresses, and email addresses. Not the kind of information one wants out in the open.
Target has not officially responded to this discovery, although one of their spokeswomen stated how certain elements of the application have been disabled for the time being. Engineers and developers are looking at the application’s source code, and a security update will be released in the near future.
There is always a certain tradeoff to be made in these types of applications, as some will require a lot of unnecessary permissions whereas others are making information too accessible to the public. Companies really have to step up their game if they want to develop proper applications that are not invading user privacy while still protecting customer data at the same time.
No Financial Information Has Been Stolen So Far
One positive thing to note is how no financial data has been stolen from Target users. Even though the wish list app stores a lot of sensitive information, financial details are not among them [♦as far as we know]. While this is somewhat of a relief, it doesn’t change the fact that Target’s app is leaking on all sides.
This is why Bitcoin is a far more superior method of payment, as there is no vital information that can be leaked at any time. In the worst case scenario, the user’s Bitcoin wallet address is obtained, but an attacker can’t do anything with that unless they obtained the private key associated with that wallet.
Source: Ars Technica