56 MEEELLION credentials exposed by apps say infosec boffins

Darren Pauli reports:

Researchers from the University of Darmstadt say app developers have exposed 56 million credentials by borking login processes using services from Google, Amazon, and Facebook.

The research team tested 750,000 Android and iOS applications, examining the way they used the federated identity services to make authentication smooth across different devices.

The team found data including email addresses, passwords, and health records could be exposed to eavesdroppers, and the respective accounts compromised if tokens were captured.

Read more on The Register.

Not all apps involving health data are covered by HIPAA, but some are. It will be interesting to see what, if anything, HHS does as a result of these findings.

Landmark civil penalty of AU$5.8 million issued under Australia’s Privacy Act
How many courts have had sealed and sensitive files exposed by one vendor's error?
Ukrainian Conti Ransomware Suspect Extradited to US from Ireland
Legal Aid Agency chief admits difficulties understanding impact of cyberattack
Revealed: Afghan data breach after MoD official left laptop open on train
US company with access to biggest telecom firms uncovers breach by nation-state hackers

Related: