56 MEEELLION credentials exposed by apps say infosec boffins

Darren Pauli reports:

Researchers from the University of Darmstadt say app developers have exposed 56 million credentials by borking login processes using services from Google, Amazon, and Facebook.

The research team tested 750,000 Android and iOS applications, examining the way they used the federated identity services to make authentication smooth across different devices.

The team found data including email addresses, passwords, and health records could be exposed to eavesdroppers, and the respective accounts compromised if tokens were captured.

Read more on The Register.

Not all apps involving health data are covered by HIPAA, but some are. It will be interesting to see what, if anything, HHS does as a result of these findings.

About the author: Dissent
