Foursquare and Netflix Apps Are Storing Your Passwords Unencrypted

Storing passwords in plaintext is a bad idea. You'd think that the smarties at Netflix and Foursquare would know better. But the Wall Street Journal reports their Android versions—and other apps—do no such thing. Not good.

According to security firm viaForensics, the Netflix, Foursquare, and LinkedIn apps for Android are storing your passwords without a trace of encryption. Square's apps for both Android and iOS are vulnerable as well—albeit differently—revealing transaction and digital signature histories to prying hacker fingers.

Any responses, fellas? Foursquare, LinkedIn, and Netflix have all released mea culpas, saying they're "working on" fixes for the unencrypted vitals. Square, on the other hand, blames global credit card standards for the data their app holds. Keep that in mind next time you swipe your card through someone's phone. [WSJ]

DISCUSSION

I'm confused. This makes it sound like the passwords are stored in multiple places depending on the usage (website, app, XBox, etc), which doesn't make sense to me. I would expect them to be stored in one location and all authentication would be done against that master record.

I have a Netflix account that I use with my laptop and my XBox. Do both use different records to authenticate my account and are both at risk in different ways?

Am I misunderstanding something?

Anyhow, at a bare minimum, salt and hash the passwords and throw away the original for God's sake. It's not that hard.