31 million users of Ai.type entrusted their personal data to the app provider. It turned out to be a bad idea. A huge security leak handed user data (names, email addresses, IMEI and phone numbers, as well as contact directories) to hackers, spammers and cyber criminals on a silver platter.

You can only shake your head when you read news like the data leak from the app Ai.type. The developer simply forgot to secure a MongoDB database that was 577 GB in size and thus threw the gates wide open for information thieves. Admittedly, everybody knows that mistakes can happen. The more serious element is the second failure: it seems the app provider had not implemented any security measures or test mechanisms to detect vulnerabilities like that before attackers can exploit them.

However, preventive security tools have long been part of standard strategies for securing the IT network. This includes a comprehensive vulnerability management tool that continuously checks the IT infrastructure, detects vulnerabilities and reports them to those in charge. This way, an open database like the one in Ai.type would have been noticed very fast. Let’s hope that other providers deal with sensitive customer data in a much more responsible way. From next May onwards at the latest, there will be even more reasons to do so, as the GDPR will come into force and costly penalties can be imposed.