ReportWire

Tag: Cybernews

  • AI Photo ID apps leak sensitive GPS data for millions of users – Tech Digest



    Popular AI-powered identification apps have exposed the private data of over 150,000 users.

    According to a new report by Cybernews, three Android applications used to identify animals and insects are at the centre of the breach. The affected apps include “Dog Breed Identifier Photo Cam,” “Spider Identifier App by Photo,” and “Insect Identifier by Photo Cam.”

    Together, these tools have amassed more than two million downloads on the Google Play store.

    Researchers found that the leak was caused by a critical misconfiguration in Firebase, a popular backend platform. Insufficient authentication controls allowed the apps’ databases to remain open to the public internet. This lapse enabled anyone to view and even modify sensitive user information without a password.

    The leaked data includes email addresses, usernames, and profile photos. More alarmingly, the apps exposed precise GPS coordinates. This location data was likely harvested through app permissions or extracted directly from the metadata of photos uploaded by users.

    Security experts warn that this information could be used for stalking, doxxing, or targeted social engineering attacks. By linking usernames and photos to physical addresses, malicious actors could potentially track a user’s movements or identify where they live.

    The investigation also uncovered evidence that cybercriminals may have already accessed the information. Each of the exposed databases contained a “poc” (Proof of Concept) entry.

    These markers are typically left behind by automated bots that scan the web for unsecured servers, suggesting the data was compromised before researchers arrived.

    Beyond these specific apps, the Cybernews team highlighted a broader trend of poor security in the AI sector. Their research into Android AI applications found that 72% contained “hardcoded secrets,” such as API keys and cloud identifiers. These secrets act as master keys that hackers can use to gain deeper access to a company’s infrastructure.

    The apps are linked to developers MobilMinds and OZI Technologies. Despite multiple attempts by researchers to disclose the vulnerability, the developers have not responded.

    The leak serves as a stark reminder that high download counts do not guarantee security. Experts recommend that users regularly check app permissions and remain cautious about granting location access to niche utility apps.

    For those who have used these identifiers, the risk remains high as the data may already be in the hands of threat actors.

    https://cybernews.com/security/ai-photo-apps-leaking-gps-data/


    For latest tech stories go to TechDigest.tv



    Chris Price


  • Massive cybersecurity breach exposes 45 million French records – Tech Digest


    In a security failure of unprecedented scale for the region, the Cybernews research team has discovered an unprotected cloud database containing over 45 million records belonging to French citizens.

    The exposed dataset, which was hosted on a server within France, represents a catastrophic privacy risk due to the highly sensitive and diverse nature of the information involved.

    According to the researchers, the repository appears to be an amalgamation of data from at least five unrelated sources. This suggests that the leak was not a simple corporate misconfiguration but likely the work of a data broker or criminal collector. These actors typically merge stolen datasets from multiple previous breaches to create unified “identity graphs,” significantly increasing the resale value on the dark web.

    The sheer variety of the stolen records is particularly alarming. The Cybernews team identified over 23 million entries resembling population or voter registries, which include full names, physical addresses, and dates of birth. Such data provides a foundational layer for identity theft and highly targeted physical or digital fraud.

    Beyond basic demographics, the leak heavily impacted the healthcare and financial sectors. Researchers found approximately 9.2 million records of healthcare professionals, mirroring official French registries.

    Furthermore, the database held 6 million financial profiles, some of which contained sensitive banking details including IBAN and BIC, along with another 6 million records linking named individuals to their vehicle registrations and insurance information.

    The researchers warn that the combination of this data allows attackers to perform sophisticated “social engineering” attacks and financial fraud. By linking a person’s home address to their bank details and insurance status, criminals can build detailed profiles to infiltrate critical business systems or commit impersonation crimes.

    The discovery follows a troubling trend of cyberattacks in France, including recent breaches at the Ministry of the Interior and several major universities. After being alerted by the Cybernews team, the hosting company took the database offline, though it remains unknown how long the information was accessible to other malicious parties before it was secured.

    https://cybernews.com/security/millions-french-citizen-records-leaked/



    Chris Price
