Security News > 2021 > April > Mobile providers exposing sensitive data to leakage and theft

Mobile providers are exposing sensitive data Sensitive data is at significant risk via form data exposure: Forms used to capture credentials, banking details, passport numbers, etc.

100% of the websites are vulnerable to cross-site scripting: The most widespread website attack, which frequently results in significant sensitive data leakage.

Unintentional data exposure is a significant, unaddressed risk for all of the telcos analyzed.

"In many cases, data sharing or exposure takes place via trusted, legitimate applications on the allowlist -often without the website owners' knowledge," said Deepika Gajaria, VP of Products at Tala Security.

"While most online businesses do a great job protecting data after the user has entered it, few seem to be aware of data leakage as an unintended consequence of the dynamic, rich website experience telcos are known for. This has potentially far-reaching implications for user privacy and, by extension, GDPR. Unfortunately, our analysis indicates insufficient awareness of the risk. It's time for website owners to start caring about over-sharing."

"European telcos routinely collect sensitive data like passport scans, banking details, address and employment information. When website owners fail to effectively secure data as it is entered into their websites, they're effectively leaving it hanging, an accident waiting to happen," said Gajaria.

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/Kz9sHG2yV7o/