“Password Papers” Report from Wandera Uncovers Severe Data Leaks from Mobile Sites
SAN FRANCISCO, CA. Wandera, the leader in enterprise mobile security and data usage management, today announced the findings of a global analysis of nearly four billion requests across hundreds of thousands of corporate-liable devices for over 500 enterprises. The findings, available in the 2017 Mobile Leak Report, reveal more than 200 mobile websites and apps that were exposing sensitive consumer and enterprise information over the past year.
These data leaks were identified on devices located in more than 20 countries, and the mobile websites and apps represented span more than a dozen categories, ranging from News & Sports and Business & Industry to Travel, Shopping and Entertainment. Of note, the mobile apps and sites leaking personally identifiable information (PII) included well-known and reputable sites/apps such as Royal Mail, Fox Sports Australia, SNCF and Thalys. Though the report reveals credit card data is more rigorously protected and accounts for only 2.3 percent of the leaked information, a large percentage of emails, usernames and passwords were compromised. This is concerning, considering usernames and passwords are often sufficient to provide full access to a user’s online account.
“Mobile is well and truly the new frontier for data security,” comments Eldar Tuvey, CEO of Wandera. “It’s clear that security and compliance risks are far more formidable threats than previously thought. With the reported cost of remedying a mobile breach in the US falling between $250,000 and $400,000 in many cases, enterprises need to take concrete steps to routinely monitor the data that flows to and from each individual device, identify potential security gaps and dynamically respond.”
Other key findings from the report include:
- A vast majority of leaks included sensitive information such as email/username (90%) and password/hash (86%)
- Of the top 50 adult websites, a staggering 80% were found to be leaking PII
- More than 59% of all leaks identified were from three categories: News & Sports, Business & Industry and Shopping
- 28% of identified data leaks were from another four categories: Travel, Entertainment, Lifestyle and Technology
- Although social media is widely used (30% of data usage) and considered secure, nearly 2% of data leaks identified originated from it
Employees’ legitimate use of some popular websites or apps poses a significant – and often overlooked – threat to their privacy, identity and financial security. Rather than blindly trusting mobile app and website developers to implement effective security controls, organizations need to monitor data passing through corporate devices, analyze anomalous activity and detect threats in real time to mitigate the risk of data leaks.
The full analysis, “2017 Mobile Leak Report,” is available for download here.