Cyber-security company CloudSEK’s BeVigil, a security search engine for mobile apps, uncovered the vulnerability that puts over 40 lakh mobile customers’ sensitive data at risk. From the millions of Android apps, 21 e-commerce apps were identified to have 22 hardcoded Shopify API keys/tokens, exposing personally identifiable information (PII) to potential threats.
Over 40 lakh mobile phone users’ sensitive data is at hacking risk after cyber security researchers on Friday uncovered a critical security flaw in
‘s BeVigil, a security search engine for mobile apps, uncovered the vulnerability that puts over 40 lakh mobile customers’ sensitive data at risk.
From the millions of
apps, 21 e-commerce apps were identified to have 22 hardcoded
By hardcoding the API key, the key becomes visible to anyone who has access to the code, including attackers or unauthorised users.
If an attacker gains access to the hardcoded key, they can use it to access sensitive data or perform actions on behalf of the program, even if they are not authorised to do so, said security researchers.
