Post reply

The message has the following error or errors that must be corrected before continuing:
Warning: this topic has not been posted in for at least 120 days.
Unless you're sure you want to reply, please consider starting a new topic.

Note: this post will not display until it's been approved by a moderator.

Name:
Email:
Subject:
Message icon:
Verification:
Please leave this box empty:

Type the letters shown in the picture
Listen to the letters / Request another image

Type the letters shown in the picture:

shortcuts: alt+s submit/post or alt+p preview

Topic Summary

Posted by Kalyan
 - Aug 19, 2020, 12:44 AM
Chinese loan app Moneed leaked over 350 mn India users data

Besides name and phone number, the database includes information about the phone a person was using, the apps installed on said phone, and their IP addresses, suggesting that Moneed's access to a user's data is extremely invasive

A vulnerability in Chinese micro-lending app, Moneed, may have exposed personal details of millions of Indian users. The vulnerability was found by security researcher Anurag Sen, who informed the company about it. While Moneed didn't immediately respond to the researcher's email, the company claims it has fixed the error after a report from The Next Web yesterday.

The database, which was seen by Mint, has over 350 million records of Indian users, including their names and phone numbers. It was stored on a server in China, even though the company's founder, Leon Xu, claimed all Indian data is stored in Mumbai. The database also includes information about the phone a person was using, the apps installed on said phone, and their IP addresses, suggesting that Moneed's access to a user's data is extremely invasive.

The company has another app on the Play Store, called MoMo, which works the same way as Moneed. The permissions list for that app says it can even control a phone's vibration, connect and disconnect from WiFi networks, have full network access, modify a phone's storage and read content on the phone, read contacts and modify them, and much more.

The app takes access to users' contact lists, and uploads the same to its servers. That means your phone number and name may be on the database even if you haven't used the app.

In a conversation with Mint via LinkedIn, Xu said the company has millions of users in India. He denied that the data belonged to Moneed at first, and said the researcher hadn't reached out to the company. However, he later said he would check with his teams about the same.

In an official statement sent to Mint today, the company said it has "thoroughly" communicated with the researcher and made fixing the loophole its top priority. "We have also thoroughly checked every part of our internal technology system with strengthening our firewall and security protection to completely meet the standards and requirements according to the laws and regulations set forth by the authorities," the company said in its statement.

The researcher, though, says that all he received from the company was a single email, with a statement similar to the one put on its social platforms and sent to the media.



source - live mint
IT Acumens Web Designing Chennai | GinGly :: Build your Personal Website | CineBuzz :: Cinema News | My Kids Diary :: Gift your Kids Memories :: Book Website @ 349 Rs monthly
Copyright 2005 - 2021 :: IT Acumens :: All Rights Reserved. :: XML Sitemap
ITAcumens Discussion Forum with 2 lakhs post running for 15 years - Powered by IT Acumens Pro Dedicated Server

My Kids Diary