Vickery explained confirmed that the database behind the Kinoptic iOS app remained online, despite the application was removed from the official Apple store.the disconcerting aspect of the story is that the developers of the Kinoptic iOS app abandoned their service, leaving the data exposed on the Internet … a present for crooks that could use them to target the unaware users.
The data is available without authentication and includes usernames, email addresses, and hashed passwords, along with other details stored in profiles managed by the Kinoptic iOS app.
Vickery tried to report the issue to both Kinoptic developers and Apple. The Kinoptic team has never replied to the expert, meanwhile the Apple’s reply was:
“Chris, if you believe that this issue affects the security of an iOS device or the iTunes Store, you may report it to firstname.lastname@example.org. […]
On the other hand, if this security issue only affects the application itself, I’m afraid you will need to continue getting in touch with the app developer for assistance.”
This means that the data will continue to stay online until the server or the database is shut down.
Of course, if you have used in the past the Kinoptic app you need to change the password as soon as possible.
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.