News

'Incredibly Popular' Christian App Has Reportedly Leaked 'Vast Amounts' of User Data

A Christian faith app that has been downloaded over 1 million times has been leaking years of private user data, according to researchers from cybersecurity firm vpnMentor.

Pray.com is an app designed for daily prayer, Bible stories and faith-based meditation, according to its App Store page.

VpnMentor’s research team noted the app “has proven incredibly popular since launching in 2016.”

However, according to the researchers, the app’s developers “failed to properly secure vast amounts of data collected from the app,” leaving millions of users to be potentially exposed to fraud and online attacks.

Researchers discovered four misconfigured Amazon Web Services (AWS) S3 buckets and Pray.com was identified as their owner.

Trending:
Gunmen Ambush Ammo Caravan Headed to Texas, 7 Million Rounds Destined for America Now in Hands of Violent Criminals

“AWS S3 buckets are a popular cloud storage solution for many apps and websites, but users must set their own security protocols,” vpnMentor wrote.

Pray.com had protected some files by setting them as private, however, many files were easily accessible.

“Pray.com’s developers overlooked basic security protocols on the S3 buckets, leaving many of the files stored within them publicly accessible to anyone with access to the bucket’s URL (easily obtained),” vpnMentor wrote.

“We have no evidence — and no way of knowing — whether the data in our reports has been accessed or leaked by anyone else; only the database owner can know that.”

Are you concerned about apps accessing your personal data?

VpnMentor said it tries to prevent unsafe internet use by conducting web mapping projects like the Pray.com report.

“We do our best to prevent this from happening by reaching out to the companies and ensuring they secure their leaking database as soon as possible.”

When the research team reached out to Pray.com, they said they did not receive a reply until five weeks after their initial attempt to contact the organization. Pray.com’s CEO replied with one word: “Unsubscribe.”

“We don’t know if anyone has actually accessed data and downloaded it,” Ran Locar of vpnMentor’s research team told Fox News.

According to Locar, the most dangerous aspect of this security breach is that “most of the people affected don’t even know … they didn’t agree to have their data exposed.”

Related:
Ahead of Biden's Meeting with Putin, Russian Despot Offers to Make a Massive Trade

The researcher said the data sometimes contains PIN numbers, credit card numbers and other sensitive data.

“[This is] a very strong privacy lesson,” Locar said. “If an app is asking for permission, it will grab the data and the data is no longer in your control.”

VpnMentor added in a research note that it is important to review “the permissions [an app is] requesting and find out for what purpose they’re needed.”

“If an app asks for access that doesn’t make sense, you can refuse,” the researchers wrote.

The Western Journal reached out to Pray.com for comment but did not receive a response before publication.

Truth and Accuracy

Submit a Correction →



We are committed to truth and accuracy in all of our journalism. Read our editorial standards.

Tags:
, , , ,
Erin Coates was an editor for The Western Journal for over two years before becoming a news writer. A University of Oregon graduate, Erin has conducted research in data journalism and contributed to various publications as a writer and editor.
Erin Coates was an editor for The Western Journal for over two years before becoming a news writer. She grew up in San Diego, California, proceeding to attend the University of Oregon and graduate with honors holding a degree in journalism. During her time in Oregon, Erin was an associate editor for Ethos Magazine and a freelance writer for Eugene Magazine. She has conducted research in data journalism, which has been published in the book “Data Journalism: Past, Present and Future.” Erin is an avid runner with a heart for encouraging young girls and has served as a coach for the organization Girls on the Run. As a writer and editor, Erin strives to promote social dialogue and tell the story of those around her.
Birthplace
Tucson, Arizona
Nationality
American
Honors/Awards
Graduated with Honors
Education
Bachelor of Arts in Journalism, University of Oregon
Books Written
Contributor for Data Journalism: Past, Present and Future
Location
Prescott, Arizona
Languages Spoken
English, French
Topics of Expertise
Politics, Health, Entertainment, Faith




Conversation