This past fall a terrifying leak of personal information of more than 3,000 users of the mobile messaging app Ring was revealed, according to BBC News. The flaw allowed any number of apps to access the data of the device used for communicating with Ring and Ring provided a warning to its users shortly before it was patched that “any intruder may have gained access to your Ring account.”
Not being able to fully turn off a private app is easy but a frequent end user’s concern is that of accidentally revealing any number of sensitive and private information to strangers and that is just what happened to Ring users, says Harald Vilhauer, an information security specialist at HV Tech.
“Over 3,000 mobile phone accounts were compromised because of a bug that exposed certain user data to third parties,” said Vilhauer, speaking at Global Payments, a cybersecurity conference on Tuesday.
“It is unclear what purpose the third parties might have wanted to perform with the data they were able to obtain from Ring. But one takeaway point should be for companies to make their data security secure, by encrypting user data,” he added.
The popular mobile messaging app that launched in September was quickly plagued by a “heat map” made up of maps where phone users have to their location at any one time – essentially creating a read-by from an open app, Vilhauer said. And while some people used that data for navigating, according to Quartz, the “danger lies in the private messaging,” he said.
The hackers could also use this to cause mischief, he said, by gaining access to users personal data that includes their social security numbers, education and work history, account details, and search histories. “If only 97 applications asked you to keep this data, it could potentially give the attacker infinite access to access your data,” he said.
Once the security flaw was patched, the company said they had worked with developers to shut down apps that used this or access to other devices was blocked, according to Quartz.
And while Ring is not the first major app to have access to users personal data without proper security safeguards, it’s not the first time it’s caused such outrage, either.
The less serious exposed data also includes addresses and phone numbers from email-sharing app Mailchimp, a notifications app that made the same security errors. Additionally, all phone numbers in Japan were vulnerable after a security breach on Kakao Talk, a messaging app, which has long been used by a variety of tech and gaming companies worldwide.
Photo courtesy Ring