Connect with us

Hi, what are you looking for?

Tech & Science

Android user data exposure shows just how vulnerable our data really is

Too often enterprises don’t have a good understanding of what their applications are hosted on within their environments.

The Androids are among us. — Photo: © Digital Journal
The Androids are among us. — Photo: © Digital Journal

There has been a recent Android user data exposure, which opened up over one million records of personally identifiable information. With the incident, Chinese developers of popular Android gaming apps exposed information belonging to users through an unsecured server, as ZDNet reports.

Many of those exposed were video gamer players, many of whom share personal data online. Looking at this latest data breach for Digital Journal is Pravin Rasiah, VP of Product, CloudSphere.

Rasiah places the data breach in the context of a series of recent concerns where public data has been exposed. He notes: “Data leaks occur much more frequently than people may expect.”

This is not an excuse for lax security, however, as Rasiah finds: “Companies storing sensitive customer information have an obligation to ensure that proper security and governance guardrails are in place.”

So why do data breaches occur with increasing regularity? Rasiah says: “Far too often, enterprises don’t have a good understanding of what their applications are hosted on within their environments, the business functions that are supported and the nature of the data stored within these apps and databases.”

The underlying issue is that the process of exposing sensitive data does not require a sophisticated vulnerability. Moreover, the very rapid growth of cloud-based data storage has exposed such weaknesses.

Consequently, Rasiah notes: “The lack of this context coupled with poor configurations at a network level (e.g. exposing it directly to the Internet) while failing to require authorization to gain access is a disastrous combination.”

Hence, Rasiah  observes: “When a server is left exposed, customer information becomes vulnerable to cybercriminals who can leverage this data for a multitude of malicious purposes, including launching highly targeted phishing attacks and brute force attacks against other organizations.”

With the specific incident in relation to Android services, Rasiah’s inquires find: “In this instance, because passwords were stored in plain text, bad actors could also use this login information to attempt to gain access to users’ other accounts, since many people use the same password across many different platforms.”

In terms of what can be done to prevent such incidences from happening again, it is time for companies to look internally and to put robust solutions in place.

Here Rasiah recommends: “To keep user data out of the hands of cybercriminals, companies should leverage platforms that provide holistic visibility into their environments as well as governance to ensure proper structure, processes and support. With a comprehensive assessment of the applications hosted within their cloud environment, companies can safely operate without putting customer data at risk.”

Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.

You may also like:

Business

At Acumatica Summit 2022, the cloud ERP leader announced updates to its future-proof platform and new paths toward success.

Tech & Science

China's deployment of J-16D jets into Taiwan's air defence zone this week marked the first sighting of the new high-tech warplanes.

World

The US Coast Guard launched a search for 39 people reported missing when a boat capsized off the coast of Florida.

World

Pfizer and BioNTech have begun a clinical trial to test the safety and immune response of their Omicron-specific Covid-19 vaccine.