Pray.com is a platform which provides daily prayers and faith content to its users. It collects user data as profile info just like all the other apps. But what’s interesting Pray.com exposed 10million users data due to poor security measures. Researchers at vpnMentor identified this fault and reported on Nov 19.
The data includes all the information including phone numbers, emails, and in case of private accounts usernames and passwords as well. Pray.com uses Amazon Cloud solution and its S3 bucket where the data is exposed. But there is no fault of Amazon, it is due to Pray.com poor security measures that lead to the leak.
Amazon S3 bucket gives ample explanation on how to secure data but it is the user responsible for setting up security measures. The S3 bucket was discovered on Oct 13 and the researchers had to reach out four times to the Company before finally getting a response on Nov 16. Researchers further explained:
Pray.com seemingly overlooked installing proper security measures on its CloudFront account, As a result, any files on the S3 buckets could be indirectly viewed and accessed through the CDN, regardless of their individual security settings
Pray.com hasn’t made any public comment on this topic even when reached out by Fox News. The CEO responded to Researchers “Unsubscribe”😂. Pray.com is likely to face legal action due to California Consumer Act. Anyone who is using Pray.com is advised to unsubscribe to protect yourself from Cyber Crimes.
Thanks for being with me. Leave your thoughts or questions in the Comments I will be happy to respond. Consider Subscribing to the newsletter if you loved the content
Be First to Comment