Exploit: Accidental data exposure
COVID19 Alert: Mobile application
Risk to Small Business: 1.315 = Extreme
Developers for the mobile app, COVID19 Alert, which was pitched to the government as a way to track COVID-19 cases, compromised user data in its source code. Before the breach, the app was on the shortlist for government adoption, which could have provided a lucrative contract for developers. Instead, the company has experienced public backlash, and it seems unlikely that they will progress further in the selection process.
Individual Risk: 2.380 = Severe
The source code, which was released for public scrutiny ahead of the selection process, contained the names, email addresses, and hashed passwords from another project by the developers. This information can quickly make its way to the Dark Web where bad actors can redeploy it in a variety of cybercrimes. Those impacted by the breach should update their account credentials and carefully monitor their accounts and communications for suspicious or unusual activity.
Customers Impacted: 200
How it Could Affect Your Customers’ Business: Developers cited their rapid development schedule and their desire to quickly make the service available as the reason for the oversight. However, companies looking to bring a new digital product to market must ensure that user data is secure. Otherwise, the project is likely to stall out before it ever even gets started.