Huddle01 Video Call App Exposed User Logs

Source: Malwarebytes

The Cybernews team discovered that Huddle01, a video call app utilizing decentralized WebRTC technology, suffered a significant security breach. Over 621,000 user logs and sensitive data were exposed via an unprotected Kafka broker, which lacked necessary authentication and encryption. This misconfiguration allows unauthorized individuals to access private information such as usernames, email addresses, and even crypto wallet addresses.

The implications are severe, especially for Huddle01’s user base, which includes cryptocurrency users. By exposing real names alongside crypto wallets, the platform inadvertently tied users’ identities to their cryptocurrencies, increasing their risk of being targeted by malicious actors. The situation is exacerbated by the company’s lack of response to the initial disclosure; despite attempts to inform them, the flaw remained unaddressed after a month, potentially allowing unauthorized access to sensitive information during this time.

Users are urged to take precautions, such as changing passwords linked to exposed emails, enabling two-factor authentication, and remaining vigilant against phishing attempts. As the security incident illustrates, even emerging technologies like WebRTC can pose significant risks when crucial security measures are overlooked.
