The Cybernews research team has uncovered a severe data leak. The iOS app “My Book List – Library Manager” has been spilling sensitive user data of 42,000 users via a misconfigured Firebase database.
The leaked data included users’ book lists, names, email addresses, IP addresses, purchase history, device metadata, and more.
You might think a few book titles here and there are harmless. But in reality, the leaked data from “My Book List” is a treasure trove for malicious actors – opening doors to targeted phishing scams using device and location data, and real-time data scraping by cybercriminals.
Here’s why this matters:
- It’s a systemic problem. The current leak was uncovered as part of an investigation by Cybernews, where researchers analyzed 156,000 iOS apps. We found that 71% leak at least one sensitive secret.
- The app also leaks API keys, client IDs, and tokens – hardcoded directly into the app. This dangerous practice could give attackers backend access, putting users and infrastructure at further risk.
- Access to the leaked data allows attackers to craft highly targeted phishing scams that increase the chances of tricking victims.
- A leaked IP address can reveal your approximate location, allowing scammers to create localized messages that appear more convincing.
- Exposed device metadata can help malicious actors tailor attacks to clients' usage patterns, making the scams feel even more personal and difficult to detect.
To read the full research, please click here.
This entry was posted on May 15, 2025 at 10:44 am and is filed under Commentary with tags Cybernews.
An iOS book app exposes 42,000 users’ personal data to hackers