A mobile application developer has warned of a data breach that could affect up to ten million users.
Trapster.com, which developed an app to help users evade speed traps, warned users about a breach in its username and password database. In a note to users, the Trapster team said that it had learned that its website has been the target of a hacking attempt and it is possible that email addresses and passwords were compromised.
“We have taken, and continue to take, preventative measures to avoid future incidents but we are recommending that you change your Trapster password. As always, Trapster recommends that you use distinctive passwords for each site you visit, but if you use the same password on Trapster that you use on other services, we recommend that you change your password on those services as well,” it said.
In an FAQ, Trapster said that it was "best to be cautious" when it comes to password security and that it was "best to assume that your email address and password were included among the compromised data".
The company said that this was a single event, and that the team understood how it occurred and had taken steps to help prevent it happening again.
“Please note that we are taking these actions with our users as a precautionary measure. While we know that we experienced a security incident, it is not clear that the hackers successfully captured any email addresses or passwords and we have nothing to suggest that this information has been used,” it said.
It also confirmed that it is in the process of notifying registered users and has rewritten the software code to prevent this type of attack from happening again. It said that it will continue to implement additional security measures to further protect data.
Paul Vlissidis, technical director at NGS Secure, said: “It is common for users to apply the same passwords to frequently used websites; however, by doing this you are effectively increasing the risk that if any of the websites get hacked then all the others can be accessed.
“Website owners should declare if they store your passwords using strong hashing. This is a simple process and not any more expensive to implement. Unfortunately, websites not using this method of cryptography is something we see all too often and this can only be down to developers' laziness or ignorance. In the case of Trapster, it would appear that they didn't encrypt or hash so the hackers got the crown jewels.”
This article originally appeared at scmagazineuk.com