Looking behind the True social app breach

Posted Oct 29, 2020 by Tim Sandle
True is an app that promotes itself as the social networking app that will “protect your privacy.” Ironically, the app has reportedly been involved in a data breach. A leading security expert looks into the matter.
According to a report on TechCrunch, the True app dashboard exposed one-time login codes. These are codes that the app sends to an account’s associated email address or telephone number instead of storing passwords.
It appears that a dashboard for one of the app's databases was exposed to the Internet without a password. This enabled any person to read, browse and search the database. This included private user data.
This news comes after a 2020 Consumer Barometer report found that almost half of the world's population expects to suffer from a data breach. While breaches can take different forms, the report finds that 51 percent of consumers noticed an increase in phishing activity during the first wave of the COVID pandemic.
In response to True’s exposed database, Digital Journal spoke with security expert Robert Prigge, CEO of Jumio.
According to Prigge, there's an irony with this particular incident: "True, an app designed for privacy, exposed its customers’ data for anyone to see. They’ve essentially equipped cybercriminals with all the tools needed to launch targeted attacks (such as scams, catfishing, extortion, account takeovers, stalking and assault) against its users."
Considering the specific incident, Prigge tells us: "Even though exposing personal information due to a missing password is a serious security lapse, passwords in general can no longer be trusted to keep sensitive data safe in today’s fraud environment. The timing of this breach also couldn’t be worse for victims as individuals around the world are relying on social media platforms to connect with loved ones more than ever before amid the COVID-19 pandemic."
In terms of preventative actions, Prigge observes: "Online businesses must implement stronger authentication methods, such as face-based biometric authentication, to protect the real-world safety and personal information of their users."