Proposed Coronavirus Tracking App Included Private User Data in Source Code - Binary Defense

Threat Watch

Threat Watch Proposed Coronavirus Tracking App Included Private User Data in Source Code

Proposed Coronavirus Tracking App Included Private User Data in Source Code

An app called Covid19 Alert, that was proposed to the Netherlands government as a means of tracking the spread of Coronavirus was quickly turned down after it leaked user data. The source code for the app was put online for analysis, and soon after it was noticed that the source files had user data in them that originated from another app. The code was removed when it was noticed, but that wasn’t good enough. Information that was leaked included nearly 200 full names, email addresses, and hashed user passwords stored in a database from another project linked to the app’s developer. Improvements are apparently being made to the app, but it is unlikely it will be chosen by the government of the Netherlands.

ANALYST NOTES

The software developer stated that the mistake was made due to their haste to make the code available online. As many companies rush to release new mobile apps, online services or other software to meet new demands created by the global pandemic, there is an increased risk of exposing private data. Audits of the source code and security configurations of cloud servers are necessary to prevent mistakes from resulting in data leaks or other damage. Users whose data is exposed should be cautious of increased phishing attempts and change their passwords if any password data or hashes are exposed.

Source: https://www.zdnet.com/article/proposed-government-coronavirus-app-falls-at-the-first-hurdle-due-to-data-breach/?&web_view=true