All you Amazon Photos users out there, please be aware of a high-severity vulnerability in the app that you are using to store photos and videos in original quality. The said application that is found to have over 50 million downloads can be exploited by hackers to steal Amazon access tokens and steal data thereafter.
Cybersecurity researchers from Checkmarx have confirmed a security bug on the Android phone application that could allow hackers to steal the personal information of hackers.
Researchers claim that the application has a mis-configured component that was exported in the applications manifest file, which allows external apps to access data.
Having a free hand to access tokens allows cyber criminals to change files and delete history leading to recovery issues, as the subjecting accessing the files can completely erase files and folders from Amazon Drive Account.
Upon discovering the vulnerability, Checkmarx contacted Amazon in a first level of action and notified the flaw to the technology giant.
Amazon reportedly acknowledged the issue by releasing a fix for it as soon as it analyzed the facts and got it figured out by its engineers as true.
Amazon Photos vulnerability news comes just a month after the china-based company was found exposing its Elasticsearch server to hackers with no password or 2FA protection and information such as personal email addresses, surnames, PayPal account and account profiles pertaining to Amazon sellers was up available for grab to anyone.
Interestingly, the server was also found hosting Amazon user reviews on its platform that were determined to be fake at a later stage.