Back to Vulnerability

Vulnerability

Small misconfiguration exposes the data of 50.5 million GOMO app users.

GOMO, also known as Sungy Mobile,is a mobile app development firm based in China.On May 25, 2018, more than 50 million users'details were exposed,including email addresses,country information,in-store purchases,avatars,usernames, birthdays,school information,and international mobile subscriber identity numbers.The leak affected 50,553,664 accounts,47,415,210 devices,4,379 mobile numbers, 51,426,769 email addresses, and 48,255,172 profiles.

How did this happen?

GOMO's technical team opened a port while fixing an issue on Amazon Web Services (AWS), but failed to close it once the repair was finished. The security incident was first identified by independent researcher Flash Gordon. Apart from user data, Gordon discovered that GOMO left application-specific details such as payment gateways and deployment information unencrypted.

How has GOMO responded?

Even when organizations enforce stringent procedures to secure their networks and keep user data confidential, oversights still happen, and even a seemingly small misconfiguration can leave a gaping security hole with severe repercussions. To prevent such incidents in the future, GOMO has deployed additional manpower when performing any database-related actions. It's also implemented advanced encryption techniques for all user-related data.

How ManageEngine can help.

EventLog Analyzer continuously analyzes log data from vulnerability scanners such as Nessus, Qualys, OpenVAS, and NMAP, and issues instant alerts on vulnerabilities such as open ports in the network. The tool also offers out-of-the-box forensic reports, which give you an overview of your network's vulnerabilities. Get started with your free trial today.

Latest DoS and DDoS attacks

Latest Brute force attack

Latest Crypto ransomware

Latest Advanced persistent threat (APT)

Compliance violation

Stay In The Know

Subscribe to our digest to get your weekly dose of cyber security updates straight to your inbox.

Please enter a business email id
 

By clicking 'I’m interested', you agree to processing of personal data according to the Privacy Policy

© 2019 Zoho Corporation Pvt. Ltd. All rights reserved.