Maybe this sounds familiar: You go to log in to some app or service you haven't used in a while, but you've forgotten your password. You try a few from memory, but after three tries the service blocks you and informs you that you'll have to wait x minutes before trying again.
Frustrating, right? Certainly. But this simple security measure is a critical roadblock against hackers, who can use specialized software to repeatedly guess at your password—often trying hundreds or thousands of possibilities. It's called a "password brute force attack," and that annoying failsafe is essentially the only thing keeping a hacker from hijacking your account.
However, dozens of hugely popular iOS and Android apps currently lack protection against brute-force attacks. According to a report published this week by digital security firm AppBugs, these apps have been collectively downloaded up to 600 million times. It's a scary finding, particularly since the vulnerability is on the server side—it doesn't matter how complicated your password is, since the enemy can systematically check all possible combinations.
The vulnerable apps include CNN, ESPN, Slack, Expedia, SoundCloud, Walmart, iHeartRadio, AutoCAD, and Kobo. Fortunately, none of these services is likely to house your financial data, but the report is still indicative of a pervasive problem.
If you use any of these apps and (for whatever reason) are worried about the data stored within, it might be a good idea to hold off on using them until their security holes are filled. Even better, ask the developers to take action.
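The lockout described above has to be enforced on the server, which is where the report says these apps fall short. As an added example (not code from the AppBugs report or from any app named here), this is one way a login endpoint can count failures per account and refuse further guesses for a while; the three-attempt limit matches the scenario above, while the 300-second lockout, the `LoginThrottle` and `replay` names, the account name and the plaintext comparison are assumptions made for illustration.

```python
import hmac
import time


class LoginThrottle:
    """Per-account failed-login counter with a timed lockout, kept server-side."""

    def __init__(self, max_failures=3, lockout_seconds=300, clock=time.monotonic):
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds  # assumed value; the article says "x minutes"
        self.clock = clock                      # injectable so a test can simulate time
        self._failures = {}                     # account -> consecutive failures
        self._locked_until = {}                 # account -> time the lockout ends

    def attempt(self, account, supplied, expected):
        """Return 'ok', 'denied' or 'locked' for one login attempt."""
        now = self.clock()
        if now < self._locked_until.get(account, 0.0):
            # While locked, the password is not checked at all, so a guessing
            # run cannot learn whether any guess was right.
            return "locked"
        # Assumption: plaintext comparison keeps the example short; a real
        # service would verify against a stored password hash instead.
        if hmac.compare_digest(supplied.encode(), expected.encode()):
            self._failures.pop(account, None)
            return "ok"
        count = self._failures.get(account, 0) + 1
        if count >= self.max_failures:
            self._locked_until[account] = now + self.lockout_seconds
            count = 0
        self._failures[account] = count
        return "denied"


def replay(guesses, expected, seconds_between=1.0):
    """Feed a constructed list of guesses to the throttle on a simulated clock."""
    t = [0.0]
    throttle = LoginThrottle(clock=lambda: t[0])
    results = []
    for guess in guesses:
        results.append(throttle.attempt("alice", guess, expected))
        t[0] += seconds_between
    return results


if __name__ == "__main__":
    # Constructed sample: three wrong guesses, then the right password.
    print(replay(["a", "b", "c", "hunter2"], "hunter2"))
```

Because the fourth attempt arrives during the lockout, even the correct password is turned away, which is what caps the guessing rate no matter what software is doing the guessing.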