Security News > 2021 > April > Websites of EU Mobile Providers Fail to Properly Secure User Data: Report
Sensitive data pertaining to the customers of top mobile services providers in the European Union is at risk of compromise due to improperly secured websites, data security and privacy firm Tala reveals.
An analysis of the websites of 13 of the top mobile telecom companies in the EU has revealed that none of them has in place even the minimum necessary protections to be considered secure.
"With over 235 million customers between them, none of the mobile providers scored a passing grade for website security. Where a score of 80+ is considered reasonable and 50 is barely a passing grade, none of the mobile providers analyzed comes close," Tala says in a new report.
The sensitive data that customers enter on the websites of these mobile opertors is also potentially exposed through the forms employed to gather the data, as these connect to a large number of domains, revealing extensive data sharing, "25% more than the global Alexa 1000 average for websites," Tala notes.
The research also revealed that none of the analyzed websites had in place the necessary protections to prevent unintentional data exposure, and any piece of third-party code running on the website could be used to "Modify, steal or leak information through client-side attacks enabled by JavaScript," the report reads.
While the data sharing in most cases was done through whitelisted, legitimate applications, the website owner wasn't always aware of the type of data that these applications would collect, or the extent of the data collection.