Data leaks are becoming more common all over the world in recent times. When personal information is leaked, however, things take a turn for the worst. Target’s wish list application is not safe from harm by the look of things, as a fair amount of customer details have been made public. As a result, part of the app’s features have been suspended for the time being.
Also read: Can Companies Simplify The Conversion From Bitcoin To Fiat Currency?
What makes wish list applications so interesting is how consumers can put together an overview of items they would like to receive during the year. With the holiday season almost upon us, finding that perfect gift for loved one can prove to be quite a challenge. Thanks to Target’s wish list app, that job has become slightly easier.
Unfortunately, the Target wish list application is not keeping customer information safe, which can be attributed to some sloppy coding along the way. In fact, Avast security researchers noted how the app database is storing the information in such a way that it becomes publicly accessible once you figure out the app’s programming interface. To make matters even worse, that programming interface is publicly available.
In fact, obtaining the information stored in this database can be achieved by using the API, which only requires a “question” as a condition to return information. Once an assailant figures out how the user’s ID is generated, they have access to names, addresses, and email addresses. Not the kind of information one wants out in the open.
Target has not officially responded to this discovery, although one of their spokeswomen stated how certain elements of the application have been disabled for the time being. Engineers and developers are looking at the application’s source code, and a security update will be released in the near future.
There is always a certain tradeoff to be made in these types of applications, as some will require a lot of unnecessary permissions whereas others are making information too accessible to the public. Companies really have to step up their game if they want to develop proper applications that are not invading user privacy while still protecting customer data at the same time.
One positive thing to note is how no financial data has been stolen from Target users. Even though the wish list app stores a lot of sensitive information, financial details are not among them [♦as far as we know]. While this is somewhat of a relief, it doesn’t change the fact that Target’s app is leaking on all sides.
This is why Bitcoin is a far more superior method of payment, as there is no vital information that can be leaked at any time. In the worst case scenario, the user’s Bitcoin wallet address is obtained, but an attacker can’t do anything with that unless they obtained the private key associated with that wallet.
Source: Ars Technica
Core Foundation has just announced a new partnership with Z Protocol, and it’s already getting…
Binance Wallet is quietly stepping into one of crypto’s fastest-growing sectors, prediction markets. According to…
As concerns around quantum computing and crypto security continue to build, Changpeng Zhao is stepping…
Bitmine Immersion Technologies, led by Tom Lee, is continuing to build aggressively on its Ethereum…
Something interesting just played out within the Ethereum space, and it didn’t take long before…
It’s becoming more obvious by the day that Ethereum is not slowing down anytime soon,…
