Target's Wish List app leaves your private info in the open

This is the time of year where people make a lot of gift lists. After all, it's the season of giving. This year, however, you might be careful about where you make your gift list. While it's not quite as bad as some of the more recent security breaches we've seen, it appears that Target's Wish List might not be as secure as we'd like.

Target's app for making holiday wish lists actually keeps a database of its users. Things like names, addresses, and email addresses are all stored within this database. That's pretty common, as the information has to be stored somewhere. However, it appears that the database is easily accessed through the internet.

This information comes from Avast, a company that specializes in internet security. They said that the API used by Target requires no authentication, whatsoever. This means that anyone that accesses the API has every bit of information stored in the database at their disposal.

Target has already responded to this discovery by releasing the following statement: "Earlier this evening, it was brought to our attention that there may be a potential issue with our guest registry platforms. Out of an abundance of caution, we have disabled elements of our wish list app and gift registry while we assess. We apologize for any challenges guests may be facing while trying to access their registry. Our teams are working diligently overnight to resume full functionality."

VIA: StarTribune