50.5 million Gomo App users' data exposed by Sungy Mobile

Numerous GOMO App users' data leaked

Sungy Mobile accidentally leaked numerous users' private details due to a failed backup.

According to a famous researcher named Flash Gordon,^[1] on the 25th of May, he found that various GOMO Apps users had their data exposed by a popular Chinese development company called Sungy Mobile. Most of the affected users appeared to be children. The sensitive information was leaked due to the vulnerable IP addresses which allowed the data leakage without lots of effort.^[2]

The number of affected users can be explained by the fact that GOMO apps are commonly known in China and are frequently used by numerous kids. The Sungy Mobile company has already achieved around 2 billion downloads of the famous app. The app was launched for the first time in 2003 and received lots of good reviews from its users. It provides a big range of entertaining programs and gives users access to more than 70 channels.^[3]

Exposed data included personal details

According to research, data, which was exposed by the Chinese firm, included various email addresses, passwords, the users' addresses, various purchases, etc. Nevertheless, even US users' information such as email addresses, usernames, genders, birth dates, and other personal details were leaked during the exposure.

The firm's announcement that was stated in DataBreachers.net said:

This issue happened when we were fixing a issue on AWS and had to open PORT80 however failed to close the port due to a tech bug. We realized the issue on 30th May and fixed this problem right after.

From this statement, we can conclude that data exposure was not an intentional action. A struggle while performing a backup has been the reason for the bug and 50.5 million users' personal information leakage.

Sungy Mobile system's specific details were also revealed

Researchers have claimed that not only users faced data exposure but the company had its data leaked too^[4]. Various information about the Sungy Mobile's GOMO application such as system specification details was also exposed.

DataBreaches.net announced this fact^[5]:

Data from every application as well as deployment, product, administration, statistics, payment gateways, and much more was left unprotected in plaintext.

The exposed material was considered as “attractive to various threat actors” that might come up with a way, how to misuse the exposed information and various marketing-related details.

Protect yourself from data exposure

However, as you all can see, there is no guarantee that your personal details will be safe even if you provide them to a trustworthy and well-known company. Even such firms might accidentally mess up various backups and other settings that might cause data leakage. Even more, barely any companies are 100% protected from various hackers that might sneak in a highly-protected system using high-standard techniques.

In spite of the fact that data breach is a common occurrence nowadays, we need to take some actions in our hands and protect our personal information as much as possible. DO NOT provide any details for strange-looking websites and applications, better do not sign up for such pages at all. If you are asked by a trustworthy site to type in some personal information, beware that the more details you provide, the higher is the risk of being exposed due to a cyber attack or an accidental data leakage. Try to provide as fewer details as possible because no information is fully safe on the Internet.