“Password Papers” Report from Wandera Uncovers Severe Data Leaks from Mobile Sites
SAN FRANCISCO, CA – December 13, 2016 – Wandera, the leader in enterprise mobile security and data usage management, today announced the findings of a global analysis of nearly four billion requests across hundreds of thousands of corporate-liable devices for over 500 enterprises. The findings, available in the 2017 Mobile Leak Report, reveal more than 200 mobile websites and apps that were exposing sensitive consumer and enterprise information over the past year.
These data leaks were identified on devices located in more than 20 countries, and the mobile websites and apps represented span across more than a dozen categories, ranging from News & Sports and Business & Industry to Travel, Shopping and Entertainment. Of note, the mobile apps and sites leaking personally identifiable information (PII) included well-known and reputable sites/apps such as Royal Mail, Fox Sports Australia, SNCF and Thalys. Though the report reveals credit card data is more rigorously protected and accounts for only 2.3 percent of the leaked information, a large percentage of emails, usernames and passwords were compromised. This is concerning, considering usernames and passwords are often sufficient to provide full access to a user’s online account.
“Mobile is well and truly the new frontier for data security,” comments Eldar Tuvey, CEO of Wandera. “It’s clear that security and compliance risks are far more formidable threats than previously thought. With the reported cost of remedying a mobile breach in the US falling between $250,000 to $400,000 in many cases, enterprises need to take concrete steps to routinely monitor the data that flows to and from each individual device, identify potential security gaps and dynamically respond.”
Other key findings from the report include:
Employees’ legitimate use of some popular website or app comprise a significant – and often overlooked – threat to their privacy, identity and financial security. Rather than blindly trusting mobile app and website developers to implement effective security controls, organizations need to monitor data passing through corporate devices, analyze anomalous activity and detect threats in real time to mitigate the risk of data leaks.