Dozens of popular apps vulnerable to password hack


It was revealed today that some popular iOS and Android apps from Walmart, ESPN, Slack and SoundCloud are vulnerable to password cracking, according to AppBugs. The security company discovered that dozens of the most popular smartphone apps allow you to make any number of login attempts without any restriction. That means hackers can repeatedly guess the passwords and possibly gain access to your accounts.

Popular apps susceptible

These days, more secure apps force you to reset your password if you enter it incorrectly several times, or they lock you out and send an unlock code by SMS or email, for example.
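One way a server can enforce the lockout described above, as an added example that is not code from AppBugs or any of the apps named. The failure threshold, the counting window and the `deliver` hook are assumptions.

```python
import hashlib
import hmac
import secrets
import time

MAX_FAILURES = 5           # assumed threshold; the article only says "several"
WINDOW_SECONDS = 15 * 60   # assumed period over which failures are counted


class LoginThrottle:
    """Per-account failed-login counter with lockout and a one-time unlock code."""

    def __init__(self, deliver, clock=time.monotonic):
        self.deliver = deliver   # hypothetical hook: sends the code by SMS or email
        self.clock = clock
        self.failures = {}       # account -> timestamps of recent failed attempts
        self.locked = {}         # account -> SHA-256 digest of its unlock code

    def attempt(self, account, password_ok):
        """Record one login attempt and return 'ok', 'denied' or 'locked'."""
        if account in self.locked:
            return "locked"      # even a correct guess is refused while locked
        if password_ok:
            self.failures.pop(account, None)
            return "ok"
        now = self.clock()
        recent = [t for t in self.failures.get(account, []) if now - t < WINDOW_SECONDS]
        recent.append(now)
        self.failures[account] = recent
        if len(recent) < MAX_FAILURES:
            return "denied"
        code = secrets.token_urlsafe(16)   # long enough that it cannot be guessed
        self.locked[account] = hashlib.sha256(code.encode()).digest()
        self.deliver(account, code)
        return "locked"

    def unlock(self, account, code):
        """Lift the lockout if the code matches the one that was delivered."""
        expected = self.locked.get(account)
        supplied = hashlib.sha256(code.encode()).digest()
        if expected is None or not hmac.compare_digest(expected, supplied):
            return False
        del self.locked[account]
        self.failures.pop(account, None)
        return True
```

A lockout keyed only on the account name lets anyone lock a known account, so it is usually paired with per-client rate limits or growing delays.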

AppBugs looked at the most popular apps to see how they fared. The company checked 100 popular apps with password-protected web accounts, and also limited the test to apps that had been downloaded at least a million times. Of the 100 apps tested, 53 have the vulnerability.

To safeguard the apps, the security firm gave the developers 30 days to fix the issue. So far though, AppBugs has just published a few of the names. Those mentioned today include Songza, Pocket, Wunderlist, iHeartRadio, WatchESPN, Expedia, Dictionary, CNN, Domino’s Pizza USA, Zillow, AutoCAD 360, Slack, SoundCloud, Kobo and Walmart. Of those, only Dictionary, Wunderlist and Pocket have fixed the issue, with the rest still vulnerable. On the 30th of July, the rest of the apps will be made public…

There’s not much that can be done by users to protect against such an attack. If you have a strong and long password, you’re less at risk, but on mobile apps many people choose simple, easy-to-remember passwords.

If you’re wise, use an app such as 1Password or mSecure to manage your passwords and for each new account generate a secure password that you can’t remember. That’s pretty much all you can do, but if there’s the option of two-factor authentication as well, use it. None of the listed apps offer that, however…



1 Comment

  1. I’m not sure about the other apps listed, but Slack does offer two-step verification. If you’re at all concerned about security (and you should be online) I highly recommend using two-step for Slack – and any other applications where it’s offered.