Target Wish List App Vulnerable To Data Hijacking

Data leaks are becoming more common all over the world in recent times. When personal information is leaked, however, things take a turn for the worst. Target’s wish list application is not safe from harm by the look of things, as a fair amount of customer details have been made public. As a result, part of the app’s features have been suspended for the time being.

Also read: Can Companies Simplify The Conversion From Bitcoin To Fiat Currency?

Target Wish List App Is Not That SafeTheMerkle_Data Breach Target

What makes wish list applications so interesting is how consumers can put together an overview of items they would like to receive during the year. With the holiday season almost upon us, finding that perfect gift for loved one can prove to be quite a challenge. Thanks to Target’s wish list app, that job has become slightly easier.

Unfortunately, the Target wish list application is not keeping customer information safe, which can be attributed to some sloppy coding along the way. In fact, Avast security researchers noted how the app database is storing the information in such a way that it becomes publicly accessible once you figure out the app’s programming interface. To make matters even worse, that programming interface is publicly available.

In fact, obtaining the information stored in this database can be achieved by using the API, which only requires a “question” as a condition to return information. Once an assailant figures out how the user’s ID is generated, they have access to names, addresses, and email addresses. Not the kind of information one wants out in the open.

Target has not officially responded to this discovery, although one of their spokeswomen stated how certain elements of the application have been disabled for the time being. Engineers and developers are looking at the application’s source code, and a security update will be released in the near future.

There is always a certain tradeoff to be made in these types of applications, as some will require a lot of unnecessary permissions whereas others are making information too accessible to the public. Companies really have to step up their game if they want to develop proper applications that are not invading user privacy while still protecting customer data at the same time.

No Financial Information Has Been Stolen So FarTheMerkle_Target Bitcoin

One positive thing to note is how no financial data has been stolen from Target users. Even though the wish list app stores a lot of sensitive information, financial details are not among them [♦as far as we know]. While this is somewhat of a relief, it doesn’t change the fact that Target’s app is leaking on all sides.

This is why Bitcoin is a far more superior method of payment, as there is no vital information that can be leaked at any time. In the worst case scenario, the user’s Bitcoin wallet address is obtained, but an attacker can’t do anything with that unless they obtained the private key associated with that wallet.

Source: Ars Technica

Images credit 1,2,3

22 Comments

  1. free v bucks generator September 28, 2020
  2. fortnite v bucks generator November 13, 2020
  3. Anastasia Dittbrenner December 5, 2020
  4. Lanette Hinman December 13, 2020
  5. Rosio Sween December 13, 2020
  6. v bucks generator January 12, 2021
  7. free v bucks generator January 13, 2021
  8. fortnite skin generator January 14, 2021
  9. 꽁머니 January 18, 2021
  10. reddit nba streams January 24, 2021
  11. fortnite account generator January 29, 2021
  12. fortnite account generator January 29, 2021
  13. fortnite account generator January 30, 2021
  14. free v bucks generator February 13, 2021
  15. fortnite v bucks generator February 14, 2021
  16. v bucks generator February 16, 2021
  17. free v bucks generator February 17, 2021
  18. free v bucks generator February 17, 2021
  19. free v bucks generator February 18, 2021
  20. Tyra Wettach March 6, 2021
  21. Dean Amati March 6, 2021
  22. Judi Ritzert March 6, 2021

Leave a Reply