56 MEEELLION credentials exposed by apps say infosec boffins

Darren Pauli reports:

Researchers from the University of Darmstadt say app developers have exposed 56 million credentials by borking login processes using services from Google, Amazon, and Facebook.

The research team tested 750,000 Android and iOS applications, examining the way they used the federated identity services to make authentication smooth across different devices.

The team found data including email addresses, passwords, and health records could be exposed to eavesdroppers, and the respective accounts compromised if tokens were captured.

Read more on The Register.

Not all apps involving health data are covered by HIPAA, but some are. It will be interesting to see what, if anything, HHS does as a result of these findings.

Two more entities have folded after ransomware attacks
British institutions to be banned from paying ransoms to Russian hackers
Global hack on Microsoft product hits U.S., state agencies, researchers say
Inquiry launched after identities of SAS soldiers leaked in fresh data breach
Government will 'robustly defend' compensation claims from Afghans put at risk by data breach
More than 100 British government personnel exposed by Ministry of Defence data leak

Related: