The Munich-based startup Zapptales has developed a business model in which users can turn private chats from services such as Facebook Messenger, Telegram, Threema, iMessage or WhatsApp into a bound book that they can then give to friends, relatives or partners. In contrast to a classic photo, the Zapptales book contains not only images but also the desired message history. We reported on this.
Vulnerability in Zapptales database
To create the chat books, Zapptales provides an app that users can use to upload their private conversations. The security experts from Zerforschung have found a serious security hole in this app. According to a report that was sent to the Federal Office for Information Security (BSI) and the responsible Bavarian state data protection supervisory authority, and that is available to Spiegel, attackers would have been able to view chats, chat media and the complete PDFs of the Zapptales books through this hole.
Data of 69,000 customers at risk
The addresses and email contact details of a total of 69,000 Zapptales customers were also visible because of the security hole. According to the research, the access by third parties was made possible by a mistake by the app developer. They had accidentally written the access keys to the databases containing customer data into their web application.