Security News > 2023 > February > Money Lover for Android & iOS leaked email addresses, transactions
Money Lover is a finance app allowing users to manage their expenses and budgets that has been downloaded five million times on the Play Store, with the app also available for iOS and Windows.
Money Lover allows users to create "Shared wallets" with specific users, like family members or coworkers, to log transactions to collaborate in expense logging and monitoring.
Users invited to a shared wallet typically know each other, so sharing data and email addresses are expected.
Trustwave's analyst and Money Lover user, Troy Driver, found that transaction data and email addresses associated with shared wallets are exposed to any authenticated users of the app.
"The shared wallet transactions disclose user information, such as the user's email address and shared wallet name," reads the Trustwave report.
Money Lover users are recommended to update their app to the latest available version using their operating system's app store.