Researchers at Appthority discovered more than 1,000 applications with unsecured connections to servers, which can lead to the leakage of 43 TB of data. The experts examined 39 of them, which caused the leakage of over 280 million records (163 GB). The leak occurred because of weak protection of the servers, which do not require any authorization to access the data. The vulnerability is called HospitalGown.
Researchers analyzed the network traffic of more than 1 million corporate iOS and Android applications and found over 21 thousand open, unprotected Elasticsearch servers, to which applications often used in enterprises connect.
Many vulnerable applications disclose personally identifiable information such as passwords, location, travel and payment data, and corporate data of company employees (e-mail addresses, phone numbers and PIN codes) and customers. In some cases, attackers have already obtained this information and used it to extort money.
Even if the application has been removed, there is a risk of leakage, because the data continues to be stored on an unprotected server.