Researchers find security flaw in Target mobile app2015-12-17 03:07 by Daniela
Tags: Target, security
Customers who have used Target's wish-list making mobile app may be exposed to hacker attacks. Security company Avast has recently announced that a vulnerability in the app allows unauthorized access to customers' addresses, phone numbers and other personal information from wish lists.
"To our surprise, we discovered that the Target's app's Application Program Interface (API) is easily accessible over the Internet," Filip Chytry wrote on the Avast blog. "The only thing you need in order to parse all of the data automatically is to figure out how the user ID is generated," Chytry said. "Once you have that figured out, all the data is served to you on a silver platter in a JSON file."
The good news in this case is that credit card numbers don't appear to be stored with the wish lists, so financial information isn't vulnerable.
Soon after Avast notified Target of the mishap, the retailer said it suspended certain elements of the app while developers investigate the issue and come up with a fix.
Read more -here-