New reports show that one of Android’s most utilised voice chat applications, OyeTalk, has experienced a data leak in its systems. The incident affected millions of users’ private data, such as unencrypted chat histories, usernames, and IMEI numbers.
OyeTalk serves about five million users worldwide. According to researchers, the leak stemmed from unprotected access to Firebase, a cloud-based development platform where most of the company’s customer database is stored.
The exposed database allowed malicious actors to obtain and delete the data, which would mean the permanent loss of people’s sensitive data if the voice chat app company had not backed it up in a separate location.
The voice chat app developers failed to secure the publicly exposed database immediately.
After learning that the exposed Firebase repository caused the data leak, OyeTalk’s developers did not promptly resolve it and failed to secure the exposure. Google’s security team therefore intervened to contain the damage the company could not fix.
Security experts also found that the company had left sensitive data hardcoded in the voice chat app’s client side. This data includes a Google API key and links to storage buckets.
These security errors on the company’s end caused the data leak and could also lead to hackers having complete control over the exposed user data within the cloud repositories.
Past “Proof of Compromise” (PoC) records show that OyeTalk had already been found with a vulnerability concerning its storage of databases on cloud-based platforms such as Firebase. This implies that there had been an open problem that the company could have fixed before threat actors abused it.
Security experts presume the exposed customer data will be utilised for cybercriminal activities, such as identity theft and scams. The app’s reputation among its users will also be dented by this issue, which reveals the company’s negligence.
Furthermore, OyeTalk can expect legal repercussions over the issue, including lawsuits for violating data privacy laws.