From ArsTechnica:


The next time a friend or family member asks you to install a gift-registry app, remember this: the app is almost certainly soaking up lots of your personal details. In the case of one such app from retailing giant Target, it’s more than happy to make those details public. Witness the following:

Enlarge Avast

According to researchers from security firm Avast, the database storing the names, e-mail addresses, home addresses, phone numbers, and wish lists of Target customers is available to anyone who figures out the app’s publicly available programming interface. In a blog post published Tuesday, they wrote:

If you created a Christmas wish list using the Target app, it might be accessible to more people than you want to actually receive gifts from. The Target app keeps a database of users’ wish lists, names, addresses, and e-mail addresses. But your closest family and friends may not be the only ones who know you want a new suitcase for your upcoming cruise!

To our surprise, we discovered that the Target app’s Application Program Interface (API) is easily accessible over the Internet. An API is a set of conditions where if you ask a question it sends the answer.…

Continue Reading