Data Security, Application security, Privacy

Photo identification apps leak sensitive data of 152,000 users

concept of leaky software, data with a tap sticking out.3d illustration

Three mobile applications designed for identifying objects in photographs were found to be leaking sensitive user data, including emails, usernames, profile photos, and GPS coordinates, affecting approximately 152,000 users, according to a recent report by Tech Radar.

The breaches occurred due to misconfigured Firebase instances within the apps, which lacked proper authentication and access controls, leaving databases exposed, Cybernews researchers found. The affected applications include Dog Breed Identifier Photo Cam (500K downloads), Spider Identifier App by Photo (500K downloads), and Insect identifier by Photo Cam (1M downloads). Hackers have already accessed these open databases, as evidenced by a proof-of-concept entry indicating automated scans for unsecured data.

The exposed information, particularly GPS coordinates, could be used for phishing, identity theft, and tracking user movements. Despite repeated attempts, the developers of these apps have not responded to inquiries.

Source: Tech Radar

You can skip this ad in 5 seconds