Hundreds of millions at risk from Chinese shopping app malware

O

OtterOrbit

Well-known member
The article reports on a security vulnerability found in the Pinduoduo shopping app, which was discovered by researchers in late February. The vulnerability allowed hackers to access users' locations, contacts, calendars, notifications, and photo albums without their consent. The exploit also gave attackers access to system settings and social network accounts.

According to the article, the team that developed the exploits was disbanded after a new update of the app removed the vulnerabilities. However, experts say that the underlying code is still present and could be reactivated to carry out attacks.

The article notes that Pinduoduo's growth in user base has been against a backdrop of the Chinese government's regulatory clampdown on Big Tech. The Ministry of Industry and Information Technology has regularly published lists to name and shame apps found to have undermined user privacy or other rights, but Pinduoduo did not appear on any of these lists.

The article suggests that the lack of action by regulators is due to a lack of understanding of technology among some regulators. One cybersecurity expert wrote on Weibo that "probably none of our regulators can understand coding and programming, nor do they understand technology."

Overall, the article highlights the need for more robust security measures in apps like Pinduoduo and greater oversight from regulators.

Key points:

* A security vulnerability was found in the Pinduoduo shopping app.
* The vulnerability allowed hackers to access users' personal data without their consent.
* The exploit also gave attackers access to system settings and social network accounts.
* The team that developed the exploits was disbanded after a new update of the app removed the vulnerabilities.
* Experts say that the underlying code is still present and could be reactivated to carry out attacks.
* Pinduoduo did not appear on any of the lists published by the Ministry of Industry and Information Technology.
* Regulators may lack understanding of technology, contributing to a lack of action against apps like Pinduoduo.
 
OMG, this is actually kinda good news... I know it sounds weird but hear me out πŸ€”. If the team that made those exploits got disbanded, it means they're not gonna be able to use them for bad things anymore. And since the vulnerabilities were removed from the app, users are way safer now 😌. I mean, the fact that Pinduoduo was able to avoid being named and shamed by regulators is a good sign too - maybe it just means they're doing something right? 🀞 But seriously, this whole thing is a wake-up call for all the tech companies out there. They need to step up their security game ASAP so we can all feel safe online πŸš€. And who knows, maybe this will be the push needed to get some real change going in the world of cybersecurity πŸ’»
 
Ugh, I'm literally fuming about this 🀯... Like, how can an app as huge as Pinduoduo still have such a massive security flaw?! πŸ™„ It's just not even a hard concept to understand - if you're gonna store user data, make sure it's encrypted and protected! 🚫 And the fact that they had to ban the team that found the exploit? What are they hiding?! 🀐

And don't even get me started on the regulators πŸ™„... like, come on! You can't just sweep this under the rug because you're not tech-savvy πŸ’». The whole point of regulation is to keep people safe and secure online! πŸ”’ How hard is it to understand coding and programming? Not that hard, right?! πŸ˜‚

I mean, I'm all for free market and innovation, but if an app can just ignore the rules and put users' data at risk, something needs to change 🚨. We need more transparency and accountability in the tech world! πŸ’ͺ
 
ugh 🀯 what's going on with these new updates? i downloaded pinduoduo like 2 weeks ago and already got hacked πŸ˜‚ just kidding, kinda. but seriously, who lets hackers access your location and contacts without asking? that's some serious invasion of privacy right there πŸ‘€ i mean, i know the chinese government is cracking down on big tech, but it seems like they're not doing enough to keep us safe πŸ€” and now pinduoduo just gets a slap on the wrist because... why? didn't the devs who made this exploit get in trouble at all? πŸ€·β€β™€οΈ anyway, hope pinduoduo does something about their security soon πŸ’»
 
I feel so bad for these hackers who got caught trying to exploit this app πŸ€• It's like they took something that didn't belong to them without asking - not cool at all. And the worst part is that there are still people out there who don't understand how tech works, and it can cause issues like this πŸ€¦β€β™‚οΈ

It got me thinking, we need to be more careful with our personal info and also make sure those in charge of regulating these things actually know what they're doing πŸ’‘. It's not just about slapping some new rules on and calling it a day - it's about making sure that the people behind the scenes are aware of how their actions can affect others 🀝

Let's all try to be more considerate with our online presence, and also support those who are trying to keep us safe from these kinds of threats πŸ’―. We gotta look out for each other in this digital world 🌐
 
man this is so messed up 🀯!!! pinduoduo just had a huge security breach and no one even knew about it till weeks later πŸ™…β€β™‚οΈ. i mean what kind of app lets hackers access all your personal info without asking? πŸ€·β€β™€οΈ it's like they didn't care at all πŸ’”. and now the team that made the exploit is gone but experts are saying their code could still be used for attacks 🚨. it's crazy how some apps can just get away with this stuff πŸ™„. regulators need to step up their game and learn more about tech πŸ“š so we don't see this happen again πŸ’». pinduoduo needs to do a better job of protecting user data πŸ’ͺ. this is why i'm super stressed about online security 🀯
 
πŸ€¦β€β™‚οΈ seriously what's up with this? I mean I know tech is moving fast but come on! You can't just leave backdoors in your app and expect no one to notice. It's not like they're trying to be malicious or anything, but still... πŸ™„ Pinduoduo's growth might be a silver lining for them since the government isn't taking action yet. But experts are saying that this is exactly why we need better security measures and more tech-savvy regulators. Like, I get it, not everyone can code, but do they have to pretend like they don't understand? πŸ˜’ Anyway, let's hope Pinduoduo gets its act together and fixes the vulnerability ASAP so these hackers don't have a field day 🚫
 
omg what a huge deal for pinduoduo!! i mean they got lucky that their team was shut down ASAP or its gonna get super bad πŸš¨πŸ‘€ and yeah regulators need to step up their tech game cuz clearly they dont know whats going on πŸ’» if they cant regulate big tech, who can? πŸ€” also kinda suspicious why pinduoduo slipped thru the cracks despite being a major player in china's ecom scene πŸ€‘ i mean we all know about the censored content and blocked apps but this is like, a whole different level of vulnerability 😬
 
omg this is so crazy 🀯 like pinduoduo was already struggling with all the regulatory stuff in china but now they have this huge security thing on their hands 🚨 and no one's even talking about it πŸ€” i mean what even happened to the team that made these exploits? shouldnt they be held accountable for putting users' info at risk 😬
 
πŸ€” What's up with the lack of regulation around app security? I mean, it's not like this is a new thing or anything... πŸ™„ We've been hearing about similar issues for years and yet nothing ever seems to change.

I'm starting to think that some regulators just don't get it when it comes to tech. Like, how hard is it to understand coding and programming? It can't be that rocket science, right? πŸ˜…

And Pinduoduo's case is just the latest example of an app putting user data at risk without so much as a second thought. I mean, what if these hackers were trying to sell your personal info on the dark web or something?

It's like, we need some better oversight around these apps and their security measures. We can't keep relying on these teams of researchers to spot vulnerabilities before they're exploited by bad guys.

We need more transparency and accountability from app developers and regulators alike. Otherwise, users are just going to be left out in the cold when it comes to protecting our personal data πŸš¨πŸ‘€
 
omg I'm so nervous thinking about ppl's personal info being vulnerable 🀯, like what if hackers use it for bad stuff? anyway, I think it's good that researchers found this and alerted the devs, so they could fix it ASAP πŸ’», but now that the exploit team is gone... I don't know, maybe regulators should get some training on tech or something? 😊
 
πŸ˜’ This is just another example of how Big Tech companies are playing us all... I mean, think about it, they're allowed to keep their security vulnerabilities in the dark because regulators don't fully understand how tech works πŸ€–. It's like they're being let off the hook! And what's even more suspicious is that Pinduoduo was able to fix its own issues so quickly... maybe it was just a coincidence, but I wouldn't put it past them to have some strings pulled from behind the scenes πŸ’Έ. The fact that they weren't named on those "shame lists" is telling too... it's like the government doesn't want to rock the boat or something 🚫. We need more scrutiny on these big companies, not less! πŸ”
 
You must log in or register to reply here.
Back
Top