
Target's wish list app could have coughed up your personal info


Using an app to create your holiday wish list seems like a safe enough thing to do. In fact, most of us wouldn't even think twice before entering our personal information, especially when that app comes from a big-name retailer like Target.

But you might remember that just last year Target was at the center of a major data breach that affected over 100 million people. As a consequence, the company was slapped with a $10 million payout last March.

You'd think that would give Target extra incentive to protect its customers' personal information, but according to recent reports, a security breach has happened again. This time, it's with the Target Holiday Wish List app that was released in October. The app was designed specifically to create your child's wish list and share it with friends and family. It also offered shoppers coupons and special discounts.

Sounds great, right? Of course, the app was a huge hit with customers. The only problem was that when you registered, the app requested and stored your personal information. And now, researchers from Avast, a top security firm, have discovered that information is actually public. All you have to do is look for it.

Target's app wasn't the only one that Avast reviewed. It also looked at apps from retailers like Home Depot, Macy's, J.C. Penney, Walgreens, and Wal-Mart. And although it did find that some of those apps requested more information than seemed necessary (Walgreens and Home Depot in particular), the only major security concern it found was with the app from Target.

In a statement released by Avast, the threat was described in the following way: "To our surprise, we discovered that the Target app’s Application Program Interface (API) is easily accessible over the Internet. An API is a set of conditions where if you ask a question it sends the answer. Also, the Target API does not require any authentication. The only thing you need in order to parse all of the data automatically is to figure out how the user ID is generated. Once you have that figured out, all the data is served to you on a silver platter in a JSON file."
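The flaw Avast describes comes down to a missing authentication step and a missing per-record authorization check. The following added example (not Target's or Avast's code; the data store, field names and function names are assumptions constructed for illustration) puts such a lookup beside a hardened version that authenticates the caller, checks who may see each record, and trims what it returns.

```python
import secrets

# Constructed sample data; sequential IDs stand in for the guessable user IDs.
WISH_LISTS = {
    1001: {"owner": "alice", "name": "Alice A.", "email": "alice@example.com",
           "items": ["bike"], "shared_with": {"bob"}},
    1002: {"owner": "carol", "name": "Carol C.", "email": "carol@example.com",
           "items": ["puzzle"], "shared_with": set()},
}
SESSIONS = {}  # session token -> username (hypothetical in-memory session store)


def login(username):
    """Issue an unguessable session token (credential verification is out of scope here)."""
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = username
    return token


def get_list_vulnerable(list_id):
    """The flaw as described: no authentication, any valid ID returns the full record."""
    record = WISH_LISTS.get(list_id)
    return (200, record) if record else (404, None)


def get_list_hardened(list_id, token):
    """Authenticate the caller, authorize per record, and minimize returned fields."""
    user = SESSIONS.get(token)
    if user is None:
        return 401, None
    record = WISH_LISTS.get(list_id)
    # Same 404 for "missing" and "not yours" so responses do not confirm valid IDs.
    if record is None or (user != record["owner"] and user not in record["shared_with"]):
        return 404, None
    if user == record["owner"]:
        return 200, record
    # Shared viewers get the wish list itself, not the owner's contact details.
    return 200, {"name": record["name"], "items": record["items"]}
```
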

The words "served to you on a silver platter" are not words you want to hear when they're referring to your private information. If you've already registered and used the app, we recommend that you be on the lookout for scams as an extra precaution. Watch out for phishing scams, phone scams and suspicious mail. It's also a good idea to monitor your bank accounts closely and review your credit score, since hackers can use this information to find even more details on you.

Source: Ars Technica