Arxan comments on Peekaboo Moments data breach
January 2020 by Arxan
Winston Bond, EMEA Technical Director at Arxan, comments on the Peekaboo Moments data breach which exposed thousands of photos and videos of babies as well as sensitive information such as email addresses and device data:
‘Data on mobile devices is stored predominantly in apps so it is paramount that organisations understand just how important it is to secure their apps in order to keep their customers’ data safe and secure. It astounds me that I still have to reiterate the need to do this, particularly when it is children’s data that is being left exposed.
This breach is a great example of extracting a web API from a mobile app and then using it to extract data. It shows exactly why app developers should harden their apps against reverse engineering and use integrity checks to make sure that the app is what it is supposed to be. Exposing a database through a web API is obviously insecure so it begs the question, why are companies still doing it?’