Seeking Alpha’s app leaks users’ stock holdings
Financial news site Seeking Alpha’s mobile applications leaks the stock positions of more than 500,000 users, reports Jeremy Seth Davis of SC Magazine.
Davis writes, “The flaw was disclosed by Rapid7 researchers after the security firm contacted Seeking Alpha two months ago, however, Rapid7 stated in an email to SCMagazine.com that the financial publisher has not yet responded to the researchers and the vulnerability has not been patched.
“‘Until Seeking Alpha provides a fix for the mobile application, users are strongly advised to not use the application while connected to untrusted networks,’ Rapid7 security research manager Tod Beardsley wrote in a company blog post. ‘The use of a VPN will also help alleviate the most likely risk of a nearby eavesdropper on a public network, but note that this would protect communication only as far as the VPN endpoint.’
“Seeking Alpha did not respond to this publication’s requests for comment. Seeking Alpha’s Android app was last updated in late May. Between 500,000 to 1 million users have installed the Android app, initially released in January 2013, according to data published by Google Play.”
Read more here.