Androids are among us. – Photo: © Digital Journal
There was recently an Android User Data Exposure, which opened over a million records of Personally Identifiable Information. With the incident, Chinese popular Android game app developers exposed information belonging to users through an insecure server, ZDNet reports.
Many of those exposed were video game players, many of whom share personal data online. Looking at this latest data breach for Digital journal is Pravin Rasiah, vice president of products, CloudSphere.
Rasiah places the data breach in the context of a series of recent concerns where public data has been exposed. He notes: “Data breaches happen much more frequently than people might expect. “
This is no excuse for lax security, however, as Rasiah notes: “Organizations that store sensitive customer information have an obligation to ensure that appropriate security and governance safeguards are in place. . “
So why are data breaches happening more and more regularly? Rasiah says, “All too often, organizations do not fully understand what their applications are hosted on in their environments, the business functions supported, and the nature of the data stored in those applications and databases. “
The underlying problem is that the process of exposing sensitive data does not require sophisticated vulnerabilities. Moreover, the very rapid growth of cloud-based data storage has revealed such weaknesses.
Therefore, Rasiah notes, “The absence of this context coupled with misconfigurations at the network level (eg, direct exposure to the Internet) while not requiring permission to access is a disastrous combination. “
Therefore, Rasiah observes: “When a server is left exposed, customer information becomes vulnerable to cybercriminals who can exploit that data for a variety of malicious purposes, including launching highly targeted phishing attacks and brute force attacks against computer users. ‘other organizations’.
With the specific incident related to Android services, Rasiah’s investigations reveal: “In this case, because the passwords were stored in plain text, attackers could also use this login information to attempt to access other accounts.” users because many people use the same password on many different platforms.
In terms of what can be done to prevent incidents like this from happening again, it’s time for companies to look internally and put robust solutions in place.
Here, Rasiah recommends, “To keep user data out of the reach of cybercriminals, organizations must take advantage of platforms that provide global visibility into their environments as well as governance to ensure structure, processes and support. appropriate. With a comprehensive assessment of applications hosted in their cloud environment, businesses can operate securely without putting customer data at risk. “