Android user data exposure shows just how vulnerable our data really is

The Androids are among us. — Photo: © Digital Journal

There has been a recent Android user data exposure, which opened up over one million records of personally identifiable information. With the incident, Chinese developers of popular Android gaming apps exposed information belonging to users through an unsecured server, as ZDNet reports.

Many of those exposed were video gamer players, many of whom share personal data online. Looking at this latest data breach for Digital Journal is Pravin Rasiah, VP of Product, CloudSphere.

Rasiah places the data breach in the context of a series of recent concerns where public data has been exposed. He notes: “Data leaks occur much more frequently than people may expect.”

This is not an excuse for lax security, however, as Rasiah finds: “Companies storing sensitive customer information have an obligation to ensure that proper security and governance guardrails are in place.”

So why do data breaches occur with increasing regularity? Rasiah says: “Far too often, enterprises don’t have a good understanding of what their applications are hosted on within their environments, the business functions that are supported and the nature of the data stored within these apps and databases.”

The underlying issue is that the process of exposing sensitive data does not require a sophisticated vulnerability. Moreover, the very rapid growth of cloud-based data storage has exposed such weaknesses.

Consequently, Rasiah notes: “The lack of this context coupled with poor configurations at a network level (e.g. exposing it directly to the Internet) while failing to require authorization to gain access is a disastrous combination.”

Hence, Rasiah  observes: “When a server is left exposed, customer information becomes vulnerable to cybercriminals who can leverage this data for a multitude of malicious purposes, including launching highly targeted phishing attacks and brute force attacks against other organizations.”

With the specific incident in relation to Android services, Rasiah’s inquires find: “In this instance, because passwords were stored in plain text, bad actors could also use this login information to attempt to gain access to users’ other accounts, since many people use the same password across many different platforms.”

In terms of what can be done to prevent such incidences from happening again, it is time for companies to look internally and to put robust solutions in place.

Here Rasiah recommends: “To keep user data out of the hands of cybercriminals, companies should leverage platforms that provide holistic visibility into their environments as well as governance to ensure proper structure, processes and support. With a comprehensive assessment of the applications hosted within their cloud environment, companies can safely operate without putting customer data at risk.”